V300R002
Feature Description
Issue 03
Date 2007-07-10
Part Number 31400134
Website: http://www.huawei.com
Email: support@huawei.com
and other Huawei trademarks are the property of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but the statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Contents
2 VLAN
2.1 Standard VLAN
2.1.1 Introduction
2.1.2 Availability
2.1.3 Principle
2.1.4 Implementation
2.1.5 Reference
2.2 Smart VLAN
2.2.1 Introduction
2.2.2 Availability
2.2.3 Principle
2.2.4 Implementation
2.2.5 Reference
2.3 MUX VLAN
2.3.1 Introduction
2.3.2 Availability
2.3.3 Principle
2.3.4 Implementation
2.3.5 Reference
2.4 QinQ VLAN
2.4.1 Introduction
2.4.2 Availability
2.4.3 Principle
2.4.4 Implementation
2.4.5 Reference
4 ARP Proxy
4.1 ARP
4.1.1 Introduction
4.1.2 Availability
4.1.3 Principle
4.1.4 Implementation
4.1.5 Reference
4.2 ARP Proxy
4.2.1 Introduction
4.2.2 Availability
4.2.3 Principle
4.2.4 Implementation
4.2.5 Reference
5 ACL
5.1 Introduction
5.2 Availability
5.3 Principle
5.4 Implementation
5.5 Reference
6 QoS
6.1 Overview
6.1.1 Introduction
6.1.2 Availability
6.1.3 Principle
6.1.4 Implementation
6.1.5 Reference
6.2 PQ
6.2.1 Introduction
6.2.2 Principle
6.3 WRR
6.3.1 Introduction
6.3.2 Principle
7 RSTP
7.1 Introduction
7.2 Availability
7.3 Principle
7.4 Implementation
7.5 Reference
8 NTP
8.1 Introduction
8.2 Availability
8.3 Principle
8.4 Implementation
8.5 Reference
9 Multicast
9.1 Overview
9.1.1 Introduction
9.1.2 Availability
9.1.3 Principle
9.1.4 Implementation
9.1.5 Reference
9.2 IGMP Snooping
9.2.1 Introduction
9.2.2 Principle
9.3 IGMP Proxy
9.3.1 Introduction
9.3.2 Principle
9.4 Program Management
9.4.1 Introduction
9.4.2 Principle
9.5 User Management
9.5.1 Introduction
9.5.2 Principle
10 Triple Play
11 Routing
11.1 Overview
11.1.1 Introduction
11.1.2 Availability
11.1.3 Principle
11.1.4 Implementation
11.1.5 Reference
11.2 Static Route
11.2.1 Introduction
11.2.2 Principle
11.3 Dynamic Route
11.3.1 Introduction
11.3.2 Principle
13 ATM Subtending
13.1 Introduction
13.2 Availability
13.3 Principle
13.4 Implementation
13.5 Reference
14 MPLS
14.1 MPLS Feature Description
14.1.1 Introduction
14.1.2 Availability
14.1.3 Principle
14.1.4 Implementation
14.1.5 Reference
15 System Security
15.1 System Security Features
15.1.1 Introduction
15.1.2 Availability
15.1.3 Principle
15.1.4 Implementation
15.1.5 Reference
15.2 Anti-DoS Attack
15.2.1 Introduction
15.2.2 Availability
15.2.3 Principle
15.2.4 Implementation
15.3 Anti-ICMP/IP Attack
15.3.1 Introduction
15.3.2 Principle
15.4 Source Route Filtering
15.4.1 Introduction
15.4.2 Principle
15.5 MAC Address Filtering
15.5.1 Introduction
15.5.2 Availability
15.5.3 Principle
15.6 Firewall Black List
15.6.1 Introduction
15.6.2 Principle
15.7 Firewall
15.7.1 Introduction
15.7.2 Principle
15.8 Address Segments Configuration
15.8.1 Introduction
15.8.2 Principle
16 User Security
16.1 PITP
16.1.1 Introduction
16.1.2 Availability
16.1.3 Principle
16.1.4 Implementation
16.1.5 Reference
16.2 DHCP Option82
16.2.1 Introduction
16.2.2 Availability
16.2.3 Principle
16.2.4 Implementation
16.2.5 Reference
16.3 RAIO
16.3.1 Introduction
16.3.2 Availability
16.3.3 Principle
16.3.4 Implementation
16.3.5 Reference
16.4 IP Address Binding
16.4.1 Introduction
16.4.2 Availability
16.4.3 Principle
16.4.4 Implementation
16.4.5 Reference
16.5 MAC Address Binding
16.5.1 Introduction
16.5.2 Availability
16.5.3 Principle
16.5.4 Implementation
16.5.5 Reference
16.6 Anti-MAC Spoofing
16.6.1 Introduction
16.6.2 Availability
16.6.3 Principle
16.6.4 Implementation
16.6.5 Reference
16.7 Anti-IP Spoofing
16.7.1 Introduction
16.7.2 Availability
16.7.3 Principle
16.7.4 Implementation
16.7.5 Reference
17 PPPoA Access
17.1 Introduction
17.2 Availability
17.3 Principle
17.4 Implementation
17.5 Reference
18 IPoA Access.............................................................................................................................18-1
18.1 Introduction.................................................................................................................................................18-2
18.2 Availability..................................................................................................................................................18-2
18.3 Principle......................................................................................................................................................18-3
18.4 Implementation............................................................................................................................................18-4
18.5 Reference.....................................................................................................................................................18-4
20 Environment Monitoring......................................................................................................20-1
20.1 Introduction.................................................................................................................................................20-2
20.2 Availability..................................................................................................................................................20-3
20.3 Principle......................................................................................................................................................20-3
20.4 Implementation............................................................................................................................................20-6
20.5 Reference.....................................................................................................................................................20-6
21 Ethernet OAM.........................................................................................................................21-1
21.1 Introduction.................................................................................................................................................21-2
21.2 Availability..................................................................................................................................................21-4
21.3 Principle......................................................................................................................................................21-4
21.4 Implementation............................................................................................................................................21-6
21.5 Reference.....................................................................................................................................................21-6
Purpose
This document describes the key features of the MA5600 in detail from the following aspects:
- Definition
- Purpose
- Specification
- Principle
- Implementation
This document also provides the glossary, acronyms and abbreviations, as well as references
concerning these features of the MA5600.
Related Versions
The following table lists the product versions related to this document.
MA5600 V300R002
Intended Audience
The intended audience of this document is:
Organization
This document consists of the following parts and is organized as follows.
Chapter... | Describes...
A Acronyms and Abbreviations | The acronyms and abbreviations concerning all the features of the MA5600
Conventions
Symbol Conventions
The following symbols may be found in this document. They are defined as follows.
Symbol Description
General Conventions
Convention Description
Command Conventions
Convention Description
GUI Conventions
Convention Description
Keyboard Operation
Format | Description
Key | Press the key. For example, press Enter and press Tab.
Key 1+Key 2 | Press the keys concurrently. For example, pressing Ctrl+Alt+A means the three keys should be pressed concurrently.
Key 1, Key 2 | Press the keys in turn. For example, pressing Alt, A means the two keys should be pressed in turn.
Mouse Operation
Action | Description
Click | Select and release the primary mouse button without moving the pointer.
Drag | Press and hold the primary mouse button and move the pointer to a certain position.
Update History
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 03 (2007-07-10)
This is the third release for the issue 02 (2007-04-15). The third release has the following updates:
Description of Environment Monitoring is added.
Issue 02 (2007-04-15)
This is the second release for the issue 01 (2006-08-10). The second release has the following
updates:
- ATM Subtending
- PPPoA Access
- IPoA Access
- Subtended Network Configuration
- Ethernet OAM
Issue 01 (2006-08-10)
It is the first release.
1 SHDSL Access
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the SHDSL access.
1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of the SHDSL access.
Definition
Single-pair high-speed digital subscriber line (SHDSL) is a symmetrical transmission
technology that is used for providing the high-speed leased line access over the twisted pair. It
is developed on the basis of the following technologies:
- High-speed digital subscriber line (HDSL)
- Symmetrical digital subscriber line (SDSL)
- High-speed digital subscriber line 2 (HDSL2)
Purpose
This feature is used to provide high-speed leased line access service over common twisted pairs
with a reach of 3-6 km.
Specification
- SHDSL is implemented based on ITU-T Recommendation G.991.2.
- The MA5600 supports 2-wire SHDSL and 4-wire SHDSL. The upstream rate ranges from
  192 Kbit/s to 2304 Kbit/s, and the downstream rate is 2312 Kbit/s. In 2-wire mode, the rate
  adjustment granularity is 64 Kbit/s, and in 4-wire mode, the rate adjustment granularity is
  128 Kbit/s.
- The MA5600 supports 24-port SHDSL access.
- SHDSL supports a maximum reach of 6 km.
- The MA5600 supports the network timing reference (NTR) clock.
- The MA5600 supports Ethernet and E1/V.35 access.
- The MA5600 supports auto rate adjustment according to the line conditions during the
  initialization.
- The MA5600 supports configuration, modification and query of the SHDSL line profile
  parameters.
- The MA5600 supports report of the alarms and maintenance messages of the line.
1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
1.3 Principle
This section describes the operating principles of the SHDSL access.
Multiple repeaters can be added to the line between the STU-C and the STU-R.
Terminal Model
Figure 1-2 shows an SHDSL terminal model.
[Figure 1-2: SHDSL terminal model. Labels: customer interface(s) and application interface(s) with optional I/F blocks, TPS-TC, PMS-TC and PDM modules on each side, SRU interface(s)]
- PDM module
- PMS-TC module
  - Frame synchronization
  - Scrambling
  - Descrambling
- TPS-TC layer
The SHDSL board of the MA5600 is based on ATM. The user end supports output from the
Ethernet port (in broadband access) or E1/V.35 port (private line access). In the upstream
direction, the user end is connected to the metropolitan area network (MAN).
1.4 Implementation
This section describes the implementation of the SHDSL access.
For details of the SHDSL access configuration, refer to "SHDSL Service Configuration" in
the MA5600 Configuration Guide.
1.5 Reference
This section describes the references on the SHDSL access.
2 VLAN
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the VLAN.
2.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the standard VLAN.
Definition
A virtual local area network (VLAN) is a logical end-to-end network that spans different network
segments or different networks. A VLAN forms a logical sub-network, that is, a logical rather
than physical broadcast domain covering multiple network devices.
The IEEE issued the draft of IEEE 802.1Q in 1999 to standardize VLAN implementations.
A standard VLAN is a kind of VLAN which contains multiple interconnected standard Ethernet
ports. Logically, all the ports in a standard VLAN are equal.
Purpose
All the Ethernet ports in a standard VLAN can communicate with each other. An Ethernet port
in a standard VLAN is isolated from an Ethernet port in another standard VLAN.
The standard VLAN is primarily used for subtending. The MA5600 supports the Ethernet
subtending networking. Several DSLAMs in different tiers can be subtended through the GE/
FE ports, which can extend the network coverage and satisfy the requirements for large access
capacity.
Specification
The MA5600 supports up to standard VLANs.
The VLAN ID ranges from 1 to 4095. The default VLAN ID of the system is 1.
Limitation
For the MA5600, a standard VLAN can include only the standard Ethernet ports provided by
the SCU board.
Glossary
None
2.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the standard VLAN.
2.1.3 Principle
This section describes the principles of the standard VLAN.
The standard VLAN can be planned according to the following parameters:
- Port
- MAC address
- Protocol type
- IP address mapping
- Multicast
- Policy
Unless otherwise stated, the VLAN described herein is based on ports, which is a common way
for planning VLANs in the telecom industry.
The standard VLAN strictly complies with the 802.1Q standard. In the IEEE 802.1Q standard,
the format of an Ethernet frame is modified by adding the 4-byte 802.1Q tag between the source
MAC address field and the protocol type field. See Figure 2-1 for details.
[Figure 2-1: Ethernet frame with the 802.1Q tag, fields in order]
Destination address (6 bytes) | Source address (6 bytes) | 802.1Q tag: Type, PRI/CFI/VID (4 bytes) | Length/Type (2 bytes) | Data (46 bytes-1517 bytes) | FCS (CRC-32) (4 bytes)
2.1.4 Implementation
This section describes the implementation of the standard VLAN.
The standard VLAN takes effect automatically.
For details of the standard VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.1.5 Reference
This section describes the references on the standard VLAN.
The following lists the references on the standard VLAN:
- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
2.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the smart VLAN.
Definition
A smart VLAN is a VLAN that contains multiple upstream ports and multiple service virtual
ports. The service ports are isolated from each other in terms of traffic. The upstream ports can
communicate with each other, and the upstream ports and service virtual ports can also
communicate with each other.
Purpose
A smart VLAN can serve multiple xDSL users, thus saving VLAN resources.
Specification
The MA5600 supports up to 4096 smart VLANs. There is no limit to the number of the upstream
ports and that of the service ports in each smart VLAN.
Limitation
Glossary
None
2.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.2.3 Principle
This section describes the principles of the smart VLAN.
In addition to all the features of a standard VLAN, a smart VLAN has the following features:
- There are two types of ports in the smart VLAN, upstream ports and service ports, which
  are not treated equally.
  - The service ports are isolated from each other in terms of traffic.
  - The upstream ports can interconnect with each other.
  - The service port and the upstream port can interconnect with each other.
- The broadcast domain of the upstream port of the smart VLAN covers all the ports of the
  VLAN. The broadcast domain of the service port, however, contains only the upstream
  port. In contrast, the broadcast domain of each port of the standard VLAN covers all the
  ports in the VLAN.
2.2.4 Implementation
This section describes the implementation of the smart VLAN.
For details of the smart VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.2.5 Reference
This section describes the references on the smart VLAN.
2.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MUX VLAN.
Definition
A MUX VLAN is a VLAN that contains one or more upstream ports, but contains only one
service port. Any two MUX VLANs are isolated.
Purpose
One-to-one mapping can be set up between a MUX VLAN and an access user. Hence, a MUX
VLAN can uniquely identify an access user. The MUX VLAN is used when users are
distinguished according to VLANs.
Specification
Limitation
Glossary
None
2.3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.3.3 Principle
This section describes the principles of the MUX VLAN.
One MUX VLAN corresponds to one service port. Therefore, MUX VLANs can be used to
differentiate the users.
2.3.4 Implementation
This section describes the implementation of the MUX VLAN.
For details of the MUX VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.3.5 Reference
This section describes the references on the MUX VLAN.
2.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QinQ VLAN.
Definition
QinQ, that is, 802.1Q in 802.1Q, is a descriptive name for the tunnel protocol based on
IEEE 802.1Q encapsulation. A VLAN packet that has the QinQ attribute contains two VLAN tags:
the inner VLAN tag from the private network and the outer VLAN tag from the MA5600.
Through the outer VLAN tag, a layer 2 (L2) VPN tunnel can be set up to transparently transmit
service data from private networks to public networks.
Purpose
The core of QinQ is to encapsulate the VLAN tag of the private network packet inside the VLAN
tag of the public network. The packet carrying two VLAN tags in the form of IEEE 802.1Q is
forwarded to the user after passing through the operator's backbone network.
In short, the QinQ VLAN provides the users with a simple L2 VPN tunnel service, which
extends the coverage of the private network to some extent. QinQ supports transparently
transmitting the private VLAN to the peer end.
The leased line service herein refers to the private network service that is transparently
transmitted to the peer network end, for example, the Intranet service.
Specification
The MA5600 supports up to 4096 QinQ VLANs.
Limitation
The attribute of the following VLANs cannot be QinQ:
- Super VLAN
- Sub VLAN
- A VLAN containing an L3 interface
- Default VLAN in the system
The ID of the default VLAN is 1, and the default VLAN can be neither deleted nor
modified.
Glossary
None
2.4.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the QinQ VLAN.
2.4.3 Principle
This section describes the principles of the QinQ VLAN.
Figure 2-2 shows the QinQ VLAN service process of the MA5600.
[Figure 2-2: QinQ VLAN service process of the MA5600. Labels: IP network, L2/L3 devices, two MA5600s, modems, L2 switches, VLAN 1, VLAN 2, VLAN 3]
By QinQ VLAN, the MA5600 implements the user interconnection of the same private network
(VLAN 1 or VLAN 2) in different areas. The following describes the service process.
1. The user PC sends an untagged packet.
2. The LAN switch adds the VLAN tag (VLAN 1 or VLAN 2) of the private network to the
packet, and then sends the packet to the MA5600.
3. The MA5600 adds the VLAN tag (VLAN 3) of the public network to the packet, and then
sends the packet to the upper layer network.
4. The upper layer network device transmits the packet based on the VLAN tag of the public
network.
5. Upon receiving the packet, the peer end MA5600 extracts the VLAN tag of the public
network, and then sends the packet to the LAN switch.
6. The LAN switch identifies and extracts the VLAN tag of the private network, and then
sends the packet to the user in the VLAN of the private network.
In this way, users 1 and 2 in VLAN 1 can interconnect with each other, and users 3 and 4 in
VLAN 2 can interconnect with each other.
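The tag layout from section 2.1.3 and the six steps above can be followed byte by byte. The code below is an added example, not Huawei's implementation; the function names and sample MAC addresses are constructed, and it assumes both tags use the 802.1Q Type value 0x8100 (the parser also accepts the 802.1ad value 0x88A8).

```python
import struct

TPID_8021Q = 0x8100              # Type value that marks an 802.1Q tag
TAG_TPIDS = {0x8100, 0x88A8}     # the parser also accepts the 802.1ad S-tag type


def build_tag(vid, pri=0, cfi=0, tpid=TPID_8021Q):
    """Pack the 4-byte tag: 2-byte Type, then PRI (3 bits), CFI (1), VID (12)."""
    if not (0 <= vid <= 0xFFF and 0 <= pri <= 7 and cfi in (0, 1)):
        raise ValueError("tag field out of range")
    return struct.pack("!HH", tpid, (pri << 13) | (cfi << 12) | vid)


def push_tag(frame, vid, pri=0):
    """Insert a tag between the source MAC (bytes 6-11) and Length/Type."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return frame[:12] + build_tag(vid, pri) + frame[12:]


def pop_tag(frame):
    """Strip the outermost tag and return (vid, frame_without_that_tag)."""
    if len(frame) < 18:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", frame[12:16])
    if tpid not in TAG_TPIDS:
        raise ValueError("frame is untagged")
    return tci & 0x0FFF, frame[:12] + frame[16:]


def parse(frame):
    """Return (dst, src, tags outer-first, ethertype, payload)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tags, off = [], 12
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack("!H", frame[off:off + 2])
        if etype not in TAG_TPIDS:
            break
        if len(frame) < off + 4:
            raise ValueError("truncated tag")
        (tci,) = struct.unpack("!H", frame[off + 2:off + 4])
        tags.append({"pri": tci >> 13, "cfi": (tci >> 12) & 1, "vid": tci & 0xFFF})
        off += 4
    return frame[:6], frame[6:12], tags, etype, frame[off + 2:]


def sample_untagged_frame():
    """Constructed 60-byte frame (without FCS): two MACs, type 0x0800, 46 data bytes."""
    dst = bytes.fromhex("00e0fc000015")
    src = bytes.fromhex("00e0fc000002")
    return dst + src + struct.pack("!H", 0x0800) + b"\x00" * 46


def qinq_walk(private_vid=1, public_vid=3):
    """Follow steps 1-6 and report what each device sees."""
    untagged = sample_untagged_frame()                 # step 1: PC sends untagged
    at_switch = push_tag(untagged, private_vid)        # step 2: LAN switch adds VLAN 1
    at_ma5600 = push_tag(at_switch, public_vid)        # step 3: MA5600 adds VLAN 3
    backbone = [t["vid"] for t in parse(at_ma5600)[2]]  # step 4: outer tag is first
    outer, to_switch = pop_tag(at_ma5600)              # step 5: peer MA5600 strips VLAN 3
    inner, to_user = pop_tag(to_switch)                # step 6: LAN switch strips VLAN 1
    return {"backbone": backbone, "popped": [outer, inner],
            "restored": to_user == untagged, "tagged_len": len(at_ma5600)}


if __name__ == "__main__":
    print(qinq_walk())
```
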
2.4.4 Implementation
This section describes the implementation of the QinQ VLAN.
The QinQ VLAN takes effect automatically.
For details of the QinQ VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.4.5 Reference
This section describes the references on the QinQ VLAN.
The following lists the references on the QinQ VLAN:
- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- IEEE P802.1ad: Virtual Bridged Local Area Networks Amendment 4: Provider Bridges
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
2.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the VLAN stacking.
Definition
The core idea of VLAN stacking is to add two VLAN tags in the form of IEEE 802.1Q to
the user packet that has no tag. The packet carrying two VLAN tags is forwarded to the broadband
remote access server (BRAS) for authentication after passing through the operator's backbone network.
Alternatively, when the packet is forwarded to the BRAS, the outer VLAN tag is extracted, and
the inner VLAN tag is used to identify the user.
Purpose
A VLAN packet that has the stacking attribute contains two VLAN tags: the inner VLAN tag
and the outer VLAN tag, both allocated by the MA5600.
The VLAN stacking feature can be used to improve the reuse of the network-side VLAN and
used for the wholesale service.
- The outer VLAN tag is used to identify the Internet Service Provider (ISP) to which the
  user belongs, and the inner VLAN tag is used to identify the user. In this way, different
  users can get access to their own ISPs.
The wholesale service refers to a service in which users can be connected to their own ISPs in
batches according to the specified rules when there are multiple ISPs in the L2 MAN.
Specification
The MA5600 supports up to 4096 VLANs configured with the attribute of VLAN stacking.
Limitation
Glossary
None
2.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
2.5.3 Principle
This section describes the principles of the VLAN stacking.
If the VLAN stacking is used to increase the VLAN quantity and identify users, the BRAS is
required. If the VLAN stacking is used to provide the multi-ISP wholesale service, the upper
layer network should work in L2 mode to forward user packets based on VLAN and MAC
address directly.
Figure 2-3 shows the VLAN stacking service process of the MA5600.
[Figure 2-3: VLAN stacking service process of the MA5600. Labels: ISP1, ISP2, MAN, SP VLAN 1 / C VLAN 1, SP VLAN 2 / C VLAN 1, L2/L3 device, MA5600, modems, Enterprise A, Enterprise B]
By different VLAN stackings, the MA5600 connects the users of enterprise A to ISP1, and the
users of enterprise B to ISP2. The following describes the service process.
2.5.4 Implementation
This section describes the implementation of the VLAN stacking.
For details of the VLAN stacking configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.5.5 Reference
This section describes the references on the VLAN stacking.
The following lists the references on the VLAN stacking:
- IEEE 802.1q: IEEE standards for Local and metropolitan area networks-Virtual Bridged
  Local Area Networks.
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
2.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the super VLAN.
Definition
Super VLAN, also known as VLAN aggregation, concerns the concept of both sub VLAN and
super VLAN.
A super VLAN is a kind of VLAN that contains only sub VLANs but does not contain any
physical port or service port.
A sub VLAN can be a smart VLAN, or a MUX VLAN. A sub VLAN contains only physical
ports and service ports, and the L3 VLAN interface cannot be established on the sub VLAN. All
the sub VLANs contained in a super VLAN share the L3 interface of this super VLAN to
communicate with the upper layer network device.
Purpose
The super VLAN is used to save the IP address resource and improve the service efficiency of
the IP addresses.
Specification
The MA5600 supports the following super VLAN specifications:
- The MA5600 supports 16 super VLANs, each of which supports up to 1024 sub VLANs.
- The L3 interface can be established on a super VLAN, and the ARP proxy function can be
  enabled or disabled on the L3 interface.
Limitation
If a sub VLAN contains any trunk port, the sub VLAN cannot join a super VLAN.
Glossary
None
2.6.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the super VLAN.
2.6.3 Principle
This section describes the principles of the super VLAN.
Figure 2-4 shows the super VLAN service process of the MA5600.
[Figure 2-4: Super VLAN service process of the MA5600. Labels: User B1 (10.10.10.20/24), User B2 (10.10.10.21/24), User C1 (10.10.10.30/24), User C2 (10.10.10.31/24), VLAN 2, VLAN 3, MA5600]
User groups A, B, and C are in different VLANs. Because the broadcast packets are isolated
between the VLANs, the user groups cannot communicate with each other. That means the user
groups are isolated at L2.
The L3 interface technology is used to enable communication between the hosts of different
VLANs, provided that the hosts are in different subnets. In this example, however, the user
groups are in the same subnet for saving IP addresses. Hence, a super VLAN can be adopted for
communication between different VLANs.
The L3 interface can be associated with the physical port by mapping the super VLAN to the
sub VLAN. Because all sub VLANs contained in a super VLAN share the L3 interface of this
super VLAN, the hosts in different sub VLANs can share the gateway of this super VLAN. In
this way, the standard VLAN feature is implemented and the IP address resource is saved at the
same time.
2.6.4 Implementation
This section describes the implementation of the super VLAN.
For details of the super VLAN configurations, refer to "VLAN Configuration" in the
MA5600 Configuration Guide.
2.6.5 Reference
This section describes the references on the super VLAN.
3 DHCP Relay
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the DHCP relay.
3.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the DHCP relay.
Definition
The Dynamic Host Configuration Protocol (DHCP) relay is a process in which cross-subnet
forwarding of DHCP broadcast packets is implemented between the DHCP client and the DHCP
server. In this way, the DHCP clients in different physical subnets can obtain correct IP addresses
which can be dynamically allocated from the same DHCP server.
Purpose
The DHCP works in client-server mode.
- The DHCP client dynamically requests the configuration data from the DHCP server.
- The DHCP server dynamically provides the data including the IP address to the client.
Initially, the DHCP was only suitable for the applications where the DHCP client and the DHCP
server were located on the same subnet and could not work across the subnet. In this case, each
subnet had to be configured with a DHCP server, which was uneconomical.
The introduction of the DHCP relay solves this problem. The DHCP relay serves as a relay
between the DHCP client and the DHCP server, which are located on different subnets. With
the DHCP relay, the DHCP packets can be relayed to the destination DHCP server or client
across subnets. In this way, multiple DHCP clients on different networks can use the same DHCP
server. This is economical and convenient for centralized management.
Specification
The MA5600 supports the following DHCP relay specifications:
- Up to 20 DHCP server groups, with an active DHCP server and a standby DHCP server in
  each group
- Selection of a DHCP server in three modes:
  - Standard mode
  - DHCP Option60 mode
  - MAC address segment mode
- Up to 128 DHCP Option60 domains
  A domain name is a case-insensitive character string of 132 characters.
- Up to 128 MAC address segments
  The name of a MAC address segment is a case-insensitive character string of 132
  characters.
Limitation
The DHCP relay is enabled globally. The DHCP relay based on a board or a port is not supported.
Glossary
None
3.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
3.3 Principle
This section describes the operating principles of the DHCP relay.
When a DHCP client starts up and initializes DHCP, it broadcasts configuration request packets
on the LAN.
If there is a DHCP server on the LAN, no DHCP relay is required because the DHCP server can
directly configure DHCP for the DHCP clients on the LAN.
If there is no DHCP server on the LAN, the DHCP relay function should be enabled on the
MA5600. The DHCP relay processes the received broadcast packets from the DHCP client as
follows:
1. Selects the DHCP server group in a specified mode.
2. Converts the received broadcast packets into unicast IP packets.
3. Forwards the converted packets to the selected DHCP server group.
The DHCP server group that the MA5600 supports can be selected in the following three modes:
This mode differentiates users by the domain information of the packets. It is a commonly
used DHCP relay mode and can differentiate the service types in the same VLAN.
- MAC address segment
It is a mode in which a DHCP server group is selected according to the source MAC address
of the DHCP packets. In this mode, you must configure the MAC address segment and the
DHCP server group bound with the MAC address segment in advance.
This mode differentiates users by the source MAC address segment of the packets and can
differentiate the service types in the same VLAN.
The DHCP server configures the DHCP client according to the received configuration request,
and forwards the configuration data to the DHCP client through the DHCP relay. In this way,
the DHCP server dynamically configures the DHCP client.
[Figure: DHCP relay networking. Labels: DHCP clients, MA5600, Internet, DHCP server]
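The three relay steps above (select a server group, convert the broadcast to unicast, forward it) can be sketched on a real DHCP payload. This is an added example, not the MA5600's code: it covers only the Option60 and MAC address segment modes, and the configuration layout, group names, addresses, the `active_up` flag and the hop limit are assumptions made for illustration.

```python
import ipaddress
import struct

BOOTP_LEN = 236                  # fixed BOOTP header that precedes the options
MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie
OPT_VENDOR_CLASS = 60            # Option60 (vendor class identifier)
MAX_HOPS = 16                    # assumed relay hop limit

# Constructed configuration; every name and address here is hypothetical.
CFG = {
    "relay_ip": "10.0.0.1",
    "groups": {
        "video": {"active": "192.0.2.10", "standby": "192.0.2.11", "active_up": True},
        "data": {"active": "192.0.2.20", "standby": "192.0.2.21", "active_up": False},
    },
    "option60_domains": {"iptv-stb": "video"},       # keys stored lower-case
    "mac_segments": [(0x00E0FC000000, 0x00E0FC0000FF, "data")],
}


def parse_options(payload):
    """Return {code: value} for the DHCP options after the magic cookie."""
    if payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = {}, BOOTP_LEN + 4
    while i < len(payload):
        code = payload[i]
        if code == 255:                  # end option
            break
        if code == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts


def select_group(src_mac, payload, mode, cfg=CFG):
    """Step 1: pick a server group name, or None when nothing matches."""
    if mode == "option60":
        vendor = parse_options(payload).get(OPT_VENDOR_CLASS)
        if vendor is None:
            return None
        # Domain names are case-insensitive, so compare in lower case.
        return cfg["option60_domains"].get(vendor.decode("ascii", "replace").lower())
    if mode == "mac-segment":
        mac = int.from_bytes(src_mac, "big")
        for low, high, group in cfg["mac_segments"]:
            if low <= mac <= high:
                return group
        return None
    raise ValueError("unsupported mode in this example")


def relay(src_mac, payload, mode, cfg=CFG):
    """Steps 2-3: return (server_ip, unicast_payload), or None if not relayed."""
    if len(payload) < BOOTP_LEN or payload[3] >= MAX_HOPS:
        return None
    group = select_group(src_mac, payload, mode, cfg)
    if group is None:
        return None
    servers = cfg["groups"][group]
    server = servers["active"] if servers["active_up"] else servers["standby"]
    out = bytearray(payload)
    out[3] += 1                                  # hops field
    if out[24:28] == b"\x00" * 4:                # giaddr not yet set by a relay
        out[24:28] = ipaddress.IPv4Address(cfg["relay_ip"]).packed
    return server, bytes(out)


def sample_discover(mac, vendor_class):
    """Constructed DHCPDISCOVER carrying Option60."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
    hdr += b"\x00" * 16                          # ciaddr, yiaddr, siaddr, giaddr
    hdr += mac + b"\x00" * 10 + b"\x00" * 192    # chaddr, sname, file
    opts = b"\x35\x01\x01" + bytes([60, len(vendor_class)]) + vendor_class + b"\xff"
    return hdr + MAGIC + opts


if __name__ == "__main__":
    mac = bytes.fromhex("00e0fc000002")
    print(relay(mac, sample_discover(mac, b"IPTV-STB"), "option60")[0])
```

Both selectors read fields that the client itself supplies (the Option60 string and the source MAC address), so the chosen server group is only as trustworthy as the port the packet arrived on.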
3.4 Implementation
This section describes the implementation of the DHCP relay.
The DHCP relay feature takes effect automatically. For details of the DHCP relay configuration,
refer to "DHCP Relay Configuration" in the MA5600 Configuration Guide.
3.5 Reference
This section describes the references on the DHCP relay.
4 ARP Proxy
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ARP proxy.
4.1 ARP
This section describes the ARP feature and its implementation on the MA5600.
4.2 ARP Proxy
This section describes the ARP proxy feature and its implementation on the MA5600.
4.1 ARP
This section describes the ARP feature and its implementation on the MA5600.
4.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP.
Definition
Address Resolution Protocol (ARP) is a protocol used to convert an IP address to a MAC address.
It belongs to the TCP/IP protocol suite.
Purpose
The IP address represents only the network layer address of a host. If a host in a network needs
to send the network layer data to a destination host, the host must know the physical address
(MAC address) of the destination host. Therefore, an IP address has to be translated into a MAC
address. ARP is used for translating an IP address to a MAC address.
Specification
Glossary
None
4.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the ARP.
4.1.3 Principle
This section describes the operating principles of the ARP.
Implementation of ARP
ARP enables two hosts in a network to interconnect with each other at L2.
Assume that there are two PCs: host A and host B with IP addresses IP_A and IP_B respectively.
Host A sends messages to host B in the following way:
1. Host A checks its ARP mapping list for the ARP mapping entry of IP_B.
2. If host A finds the MAC address of host B, host A encapsulates the IP data packets according
to the MAC address and then sends them to host B.
3. If host A does not find the MAC Address of host B, host A puts the data packets in the ARP
waiting queue, initiates an ARP request, and then broadcasts it on the Ethernet. The ARP
request contains the IP address of host B and the IP address and MAC address of host A.
4. As the ARP request is broadcast, all the hosts on the Ethernet can receive it. Only the
requested host (host B), however, responds to the request.
5. Host B stores the IP and MAC addresses of the request initiator (host A) contained in the
request, in its own ARP mapping list.
6. Host B returns an ARP response containing the MAC address of host B to host A. Such a
response is no longer broadcast, but sent to host A directly.
7. After receiving the response, host A extracts the IP address and MAC address of host B,
and adds them to its own ARP mapping list. After that, host A transmits all the data packets
in the waiting queue destined for host B.
In general, the dynamic ARP is needed. The static ARP is needed only when you need to
manually adjust the ARP entries.
A static ARP entry remains in effect for as long as the MA5600 is running, while a dynamic
ARP entry ages out after 20 minutes.
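Steps 1 to 7 and the aging rule can be reproduced with real RFC 826 packets. The following is an added example, not the MA5600's ARP implementation; the `Host` class, its method names and the sample addresses are constructed, and it assumes that dynamic learning never overwrites a static entry.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = b"\xff" * 6
DYNAMIC_AGING_S = 20 * 60        # aging time of a dynamic entry, as stated above
ARP_FMT = "!HHBBH6s4s6s4s"       # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def pack_arp(oper, sha, spa, tha, tpa):
    """Build a 28-byte ARP packet for Ethernet (htype 1) and IPv4 (0x0800)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)


def unpack_arp(pkt):
    """Return (oper, sha, spa, tha, tpa) after checking the fixed header."""
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha, spa, tha, tpa


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.cache = {}      # ip -> (mac, expiry time, or None for a static entry)
        self.waiting = {}    # ip -> data packets queued until the reply arrives

    def add_static(self, ip, mac):
        self.cache[ip] = (mac, None)             # static entries never age

    def lookup(self, ip, now):
        entry = self.cache.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if expiry is not None and now >= expiry:
            del self.cache[ip]                   # dynamic entry has aged out
            return None
        return mac

    def _learn(self, ip, mac, now):
        existing = self.cache.get(ip)
        if existing is not None and existing[1] is None:
            return                               # assumption: keep static entries
        self.cache[ip] = (mac, now + DYNAMIC_AGING_S)

    def send(self, dst_ip, data, now):
        """Steps 1-3: return the (destination MAC, payload) to put on the wire."""
        mac = self.lookup(dst_ip, now)
        if mac is not None:
            return mac, data
        self.waiting.setdefault(dst_ip, []).append(data)
        return BROADCAST, pack_arp(ARP_REQUEST, self.mac, self.ip, b"\x00" * 6, dst_ip)

    def receive_arp(self, pkt, now):
        """Steps 4-7: return the list of (destination MAC, payload) to transmit."""
        oper, sha, spa, tha, tpa = unpack_arp(pkt)
        if tpa != self.ip:
            return []                            # step 4: only the target answers
        self._learn(spa, sha, now)               # step 5 (host B) and step 7 (host A)
        if oper == ARP_REQUEST:                  # step 6: unicast reply to the requester
            return [(sha, pack_arp(ARP_REPLY, self.mac, self.ip, sha, spa))]
        return [(sha, data) for data in self.waiting.pop(spa, [])]


def run_exchange():
    """Run host A -> host B with a bystander host C; addresses are constructed."""
    a = Host(bytes([1, 1, 1, 2]), bytes.fromhex("00e0fc000002"))
    b = Host(bytes([1, 1, 1, 15]), bytes.fromhex("00e0fc000015"))
    c = Host(bytes([1, 1, 1, 30]), bytes.fromhex("00e0fc000030"))
    first_dst, request = a.send(b.ip, b"hello", now=0)
    bystander = c.receive_arp(request, now=0)
    ((reply_dst, reply),) = b.receive_arp(request, now=0)
    flushed = a.receive_arp(reply, now=0)
    return {"first_dst": first_dst, "bystander": bystander, "reply_dst": reply_dst,
            "flushed": flushed, "b_knows_a": b.lookup(a.ip, now=1),
            "before_aging": a.lookup(b.ip, now=DYNAMIC_AGING_S - 1),
            "after_aging": a.lookup(b.ip, now=DYNAMIC_AGING_S)}


if __name__ == "__main__":
    print(run_exchange())
```
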
4.1.4 Implementation
This section describes the implementation of the ARP.
For details of the ARP configuration, refer to "ARP&ARP Proxy Configuration" in the
MA5600 Configuration Guide.
4.1.5 Reference
This section describes the references on the ARP.
- IETF RFC 826: An Ethernet Address Resolution Protocol or Converting Network Protocol
  Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
4.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ARP proxy.
Definition
When a host sends an ARP request to another host, the request is processed by the access device
connected to the two hosts. This process is called ARP proxy.
Purpose
On the MA5600, ARP proxy is often used for interconnection between sub VLANs in a super
VLAN.
Specification
The MA5600 supports ARP proxy.
Limitation
By default, ARP proxy is disabled. This feature is enabled only when it is enabled both in global
mode and under the VLAN interface.
Glossary
None
4.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the ARP proxy.
4.2.3 Principle
This section describes the operating principles of the ARP proxy.
Figure 4-1 shows the implementation of the ARP proxy.
[Figure 4-1: ARP proxy. PC1 (IP: 1.1.1.2/24, MAC: 00-e0-fc-00-00-02) and PC2
(IP: 1.1.1.15/24, MAC: 00-e0-fc-00-00-15) in a super VLAN; figure labels: Communication, Isolation.]
As shown in Figure 4-1, PC 1 is in sub VLAN 1, and PC 2 is in sub VLAN 2. They are isolated
at L2. PC 1, PC 2 and the virtual L3 interface are in the same subnet.
1. Because PC 1 and PC 2 are in the same subnet, when PC 1 attempts to send packets to PC
2, PC 1 broadcasts ARP packets directly to request the MAC address of PC 2. Because PC
1 and PC 2 are in different broadcast domains, PC 1 does not receive the ARP response
packet from PC 2.
2. When the MA5600 with the ARP proxy enabled receives the ARP request packets, the
MA5600 sends the MAC address of its virtual L3 interface to PC 1, and searches its ARP
mapping list for the MAC address of PC 2.
3. If the ARP mapping list contains the MAC address of PC 2, the implementation of the ARP
proxy is complete, and the packets from PC 1 can be forwarded to PC 2 through the virtual
L3 interface.
4. If the ARP mapping list does not contain the MAC address of PC 2, the MA5600 broadcasts
the ARP request packets through its virtual L3 interface to request the MAC address of PC
2.
5. When the MA5600 receives the ARP response packets from PC 2, the MA5600 adds the
MAC address of PC 2 to its ARP mapping list. After this, the implementation of the ARP
proxy is complete, and PC 1 and PC 2 communicate with each other through the
MA5600.
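The ARP request fields listed in 4.1.3 and proxy steps 2 to 5 above, as an added Python sketch (not Huawei code). The PC addresses come from Figure 4-1; the L3 interface MAC and IP, and all class and function names, are constructed for illustration.

```python
import ipaddress
import struct

# RFC 826 ARP payload for Ethernet/IPv4 (28 bytes):
# htype, ptype, hlen, plen, oper, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)
REQUEST, REPLY = 1, 2


def mac(text):
    return bytes.fromhex(text.replace("-", ""))


def ip(text):
    return ipaddress.IPv4Address(text).packed


def build_arp(oper, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)


def parse_arp(payload):
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"oper": oper, "sha": sha, "spa": spa, "tha": tha, "tpa": tpa}


class ArpProxy:
    """Model of the access device's virtual L3 interface (steps 2 to 5)."""

    def __init__(self, l3_mac, l3_ip, global_enabled=False, vlanif_enabled=False):
        self.l3_mac, self.l3_ip = l3_mac, l3_ip
        # Disabled by default; both switches must be on (see Limitation).
        self.enabled = global_enabled and vlanif_enabled
        self.table = {}  # ARP mapping list: IP bytes -> MAC bytes

    def on_request(self, payload):
        """Return (reply for the requester, request to broadcast); None if unused."""
        req = parse_arp(payload)
        if not self.enabled or req["oper"] != REQUEST:
            return None, None
        # Step 2: answer with the L3 interface MAC on behalf of the target IP.
        reply = build_arp(REPLY, self.l3_mac, req["tpa"], req["sha"], req["spa"])
        # Steps 3 and 4: resolve the real target only if it is not yet known.
        probe = None
        if req["tpa"] not in self.table:
            probe = build_arp(REQUEST, self.l3_mac, self.l3_ip, bytes(6), req["tpa"])
        return reply, probe

    def on_reply(self, payload):
        # Step 5: learn the target's MAC from its ARP response.
        rep = parse_arp(payload)
        if rep["oper"] == REPLY:
            self.table[rep["spa"]] = rep["sha"]


# PC 1 and PC 2 values are from Figure 4-1; the L3 interface values are constructed.
PC1_MAC, PC1_IP = mac("00-e0-fc-00-00-02"), ip("1.1.1.2")
PC2_MAC, PC2_IP = mac("00-e0-fc-00-00-15"), ip("1.1.1.15")
L3_MAC, L3_IP = mac("00-e0-fc-00-00-01"), ip("1.1.1.1")


def walk_through():
    proxy = ArpProxy(L3_MAC, L3_IP, global_enabled=True, vlanif_enabled=True)
    request = build_arp(REQUEST, PC1_MAC, PC1_IP, bytes(6), PC2_IP)
    reply, probe = proxy.on_request(request)
    proxy.on_reply(build_arp(REPLY, PC2_MAC, PC2_IP, L3_MAC, L3_IP))
    _, second_probe = proxy.on_request(request)  # PC 2 is now in the table
    return parse_arp(reply), parse_arp(probe), proxy.table, second_probe


if __name__ == "__main__":
    answer, probe, table, second = walk_through()
    print("PC 1 is told that", ipaddress.IPv4Address(answer["spa"]),
          "is at", answer["sha"].hex("-"))
    print("probe broadcast for", ipaddress.IPv4Address(probe["tpa"]))
    print("second request needs a probe:", second is not None)
```

On PC 1, every neighbour in another sub VLAN therefore resolves to the same L3 interface MAC, which is the expected ARP table state with the proxy enabled.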
4.2.4 Implementation
This section describes the implementation of the ARP proxy.
For details of the ARP proxy configuration, refer to "ARP&ARP Proxy Configuration" in the
MA5600 Configuration Guide.
4.2.5 Reference
This section describes the references on the ARP proxy.
The following lists the references on the ARP proxy:
- IETF RFC 1027: Using ARP to Implement Transparent Subnet Gateways
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
5 ACL
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ACL.
5.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the ACL.
Definition
The access control list (ACL) is used to filter the specific data packets based on a series of
matching rules contained in the ACL, and therefore identifies the filtering objects. After the
filtering objects are identified, the corresponding data packets are permitted to pass or discarded
based on the preset rules.
Purpose
The packet filtering based on the ACL is the prerequisite for carrying out quality of service
(QoS). The ACL together with QoS improves the system security.
Specification
The MA5600 supports the following ACL specifications:
- ACLs are numbered from 2000 to 5999, and up to 4000 ACLs can be defined. Each ACL
  can have 64 rules. Table 5-1 describes the four types of ACLs.
- The user can configure matching of the first 80 bytes in the packet based on the rules.
  Multiple fields can be configured at the same time.
- Up to 1024 ACLs can be activated and validated for the MA5600.
Table 5-1 (surviving row)
Type: Standard ACL
Number range: 2000-2999
Description: It allows definition of the rule according to the L3 source IP address.
The rules of a standard ACL are defined only according to the L3 source IP address
for analyzing and processing data packets.
Limitation
The ACLs activated earlier have lower priorities, while the ACLs activated later have higher
priorities.
Glossary
None
5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
5.3 Principle
This section describes the operating principles of the ACL.
The system matches and processes the input packets according to the ACLs:
- If the packets match the ACLs, they are forwarded for further processing, such as:
  - Packet filtering
  - Priority tagging
  - Traffic limiting
  - Port rate limiting
  - Traffic statistics
  - Packet redirection
  - Packet mirroring
  Eventually, the packets are forwarded and generated.
- The MA5600 discards or forwards the packets that do not match the ACLs.
- Packet filtering
  The system determines whether or not to discard the packets depending on whether the
  packets match the ACLs.
- Priority tagging
  The system tags priority on the packets that match the ACLs. The tags include the ToS,
  DSCP and 802.1p tags.
- Traffic limiting
  The system limits the rate of the packets that match the ACLs.
- Port rate limiting
  The system limits the rate for the packet transmission on an Ethernet port.
- Traffic statistics
  The system collects statistics on the packets that match the ACLs.
- Packet redirection
  The system redirects the packets that match the ACLs to another port (that is, the original
  destination port no longer receives or forwards the packets).
- Packet mirroring
  The system mirrors the packets that match the ACLs to another port (that is, the packets
  are duplicated to another port).
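The effect of the activation-order limitation in 5.1 on packet filtering, as an added Python model (not the MA5600 implementation). It covers standard ACLs only; the first-match rule order inside one ACL, the fallback for unmatched packets, and the sample addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    source: ipaddress.IPv4Network    # standard ACLs match the L3 source IP only


@dataclass
class StandardAcl:
    number: int
    rules: list = field(default_factory=list)

    def __post_init__(self):
        if not 2000 <= self.number <= 2999:
            raise ValueError("standard ACLs are numbered 2000-2999")
        if len(self.rules) > 64:
            raise ValueError("an ACL can have at most 64 rules")

    def match(self, src):
        # Assumption: rules are checked in configured order, first match wins.
        for rule in self.rules:
            if src in rule.source:
                return rule.action
        return None


def decide(activated, src_ip, unmatched="permit"):
    """activated: ACLs in the order they were activated (oldest first)."""
    src = ipaddress.IPv4Address(src_ip)
    for acl in reversed(activated):      # activated later = higher priority
        action = acl.match(src)
        if action is not None:
            return action, acl.number
    return unmatched, None               # assumption: fallback chosen by the caller


def shadowed(activated):
    """Audit check: rules fully covered by a rule in a later-activated ACL."""
    hidden = []
    for i, acl in enumerate(activated):
        higher = [r for later in activated[i + 1:] for r in later.rules]
        for rule in acl.rules:
            if any(rule.source.subnet_of(h.source) for h in higher):
                hidden.append((acl.number, rule))
    return hidden


def net(text):
    return ipaddress.IPv4Network(text)


# Constructed sample policy: block a subnet, allow one host inside it.
BLOCK_SUBNET = StandardAcl(2000, [Rule("deny", net("10.1.1.0/24"))])
ALLOW_HOST = StandardAcl(2001, [Rule("permit", net("10.1.1.7/32"))])

if __name__ == "__main__":
    print(decide([BLOCK_SUBNET, ALLOW_HOST], "10.1.1.7"))  # exception takes effect
    print(decide([ALLOW_HOST, BLOCK_SUBNET], "10.1.1.7"))  # exception is overridden
    print(shadowed([ALLOW_HOST, BLOCK_SUBNET]))
```

Activating the broad deny after the host exception silently overrides the exception, which is what `shadowed` reports.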
5.4 Implementation
This section describes the implementation of the ACL.
For details of the ACL configuration, refer to "ACL Configuration" in the MA5600
Configuration Guide.
5.5 Reference
This section describes the references on the ACL.
The following lists the references on the ACL:
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
6 QoS
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the QoS.
6.1 Overview
This section describes the QoS feature and its implementation on the MA5600.
6.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the QoS feature.
Definition
QoS refers to setting different QoS parameters, such as service availability, time delay, jitter,
and loss rate, so as to provide users with high quality services.
Purpose
QoS aims at utilizing the limited network resources by providing differentiated qualities for
different services.
Specification
- 802.1p re-marking
- Up to eight queues (corresponding to eight service streams) for each port on the control board
  (service boards support up to four queues)
- The queue scheduling methods such as:
  - Strict priority queuing (PQ)
  - Weighted round robin (WRR)
  The service boards support PQ only.
- Flexible queue mapping
Glossary
Availability: Availability refers to the percentage of time available for the users
to use the service to the total time for service provisioning.
Delay: Delay refers to the time lag caused for a signal by the medium
through which it is passing, resulting in a distortion of the signal.
Jitter: Jitter refers to the variation in the time taken for packets to be
delivered to an endpoint or network entity.
Packet loss ratio: Packet loss ratio refers to the ratio of the number of packets lost
during the transmission between two reference points to that of
packets sent. Packet loss is caused by network congestion.
PQ: Priority queuing
6.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the QoS.
6.1.3 Principle
This section describes the operating principles of the QoS feature.
The QoS can be implemented through the following strategies:
- Flexible configuration of the packet priority based on the flow:
  - Trusting user 802.1p. (If the user packet does not have the 802.1p tag, 3 is selected.)
  - Trusting user ToS. (If the user packet does not have the ToS tag, 3 is selected.)
  - Trusting the default flow ToS. (The priority of the packet ToS determines which queue
    the packet has to enter.)
6.1.4 Implementation
This section describes the implementation of the QoS feature.
For details of the QoS configuration, refer to "QoS Configuration" in the MA5600
Configuration Guide.
6.1.5 Reference
This section describes the references on the QoS feature.
6.2 PQ
This section describes the features of the PQ on the MA5600.
6.2.1 Introduction
This section describes the definition, purpose and specification of the PQ feature.
Definition
With PQ, each queue is given a different priority. During scheduling, the packets in the
highest-priority queue are served first, and then the packets in the next lower-priority queue are
served. PQ handles the packets of different queues by strictly following the order from higher
priorities to lower priorities. The packets in a lower-priority queue are sent only when
the higher-priority queue becomes empty.
Purpose
PQ addresses the problem that multiple service streams contend for the resources during network
congestion.
Specification
Each port supports up to eight priority queues (numbered 0-7). 0 indicates the lowest priority
queue and 7 indicates the highest priority queue.
6.2.2 Principle
This section describes the operating principles of the PQ feature.
PQ aims at giving strict priority to the important traffic. The important traffic is given
preferential and fast treatment in case of network congestion.
In PQ, the packets are placed in queues of different priorities. The traffic with a higher priority
gets preference over that of a lower priority. Therefore, packets in queues of a higher priority
are sent first. Only when a queue of higher priority is empty are the packets in the queue of a
lower priority sent.
[Figure: PQ scheduling. Packets entering the port are classified into the High, Medium,
Normal and Low queues; queue scheduling determines the order of packets leaving the port.]
In this way, the important traffic (such as voice service) with a higher priority gets preference
over that of a lower priority. Therefore, mission-critical traffic is served earlier than the
non-mission-critical traffic (such as E-mail service). The non-mission-critical traffic is sent
in the idle intervals during transmission of the mission-critical traffic.
A disadvantage of PQ is that, during network congestion, the lower-priority traffic might be
discarded after waiting for a long time if there is a large volume of higher-priority traffic.
6.3 WRR
This section describes the features of the WRR on the MA5600.
6.3.1 Introduction
This section describes the definition, purpose and specification of the WRR feature.
Definition
With WRR, each queue is assigned a weighted value, representing the number of packets
serviced from that queue in one scheduling cycle. One packet is sent in one scheduling. WRR
guarantees that the bandwidth used by different queues is consistent with the preset ratio.
Purpose
WRR addresses the problem that multiple service streams contend for the resources during
network congestion.
Specification
Each port supports up to eight priority queues, numbered 0-7 in ascending order.
6.3.2 Principle
This section describes the operating principles of the WRR feature.
WRR scheduling ensures that each queue receives a certain amount of service by polling the
different queues in turn.
Assume that each port has four priority queues. With WRR, each queue is assigned a weighted
value among w3, w2, w1 and w0 in descending order. The weighted value indicates the ratio of
resources that one queue can get.
Take a 100 Mbit/s port as an example. Assign 13, 10, 8 and 5 (corresponding to w3, w2, w1 and
w0 respectively) as the weighted values of its WRR algorithm. This aims at guaranteeing the
minimum bandwidth of 14 Mbit/s to the queue of the lowest priority (5 of every
13 + 10 + 8 + 5 = 36 packets, or about 14% of 100 Mbit/s). In this way, the packets in
the queue of the lowest priority can be served.
The advantages of WRR algorithm are as follows:
- The excessively long waiting that might occur with the PQ algorithm is avoided.
- Time allocated to each WRR queue is not fixed. When no traffic is available in one queue,
  the bandwidth resource is switched to the next queue immediately. Therefore, the
  bandwidth resource is efficiently used.
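PQ starvation from 6.2.2 compared with WRR under the 13/10/8/5 weights above, as an added Python simulation (not the MA5600 scheduler). Equal-sized packets, the queue depths and all function names are assumptions.

```python
from collections import deque

WEIGHTS = {3: 13, 2: 10, 1: 8, 0: 5}   # w3..w0 from the 100 Mbit/s example


def backlog(depths):
    """Build one FIFO per priority; depths maps priority -> queued packets."""
    return {prio: deque(range(count)) for prio, count in depths.items()}


def pq_schedule(queues, slots):
    """Strict priority: always serve the highest non-empty queue."""
    sent = []
    for _ in range(slots):
        for prio in sorted(queues, reverse=True):
            if queues[prio]:
                queues[prio].popleft()
                sent.append(prio)
                break
        else:
            break                        # every queue is empty
    return sent


def wrr_schedule(queues, weights, slots):
    """Weighted round robin: up to weights[prio] packets per queue per cycle."""
    sent = []
    while len(sent) < slots and any(queues.values()):
        for prio in sorted(queues, reverse=True):
            for _ in range(weights[prio]):
                # An empty queue gives up its turn at once (work conserving).
                if not queues[prio] or len(sent) == slots:
                    break
                queues[prio].popleft()
                sent.append(prio)
    return sent


def shares(sent, priorities=WEIGHTS, link_mbps=100):
    """Bandwidth per queue in Mbit/s, assuming equal-sized packets."""
    return {p: round(link_mbps * sent.count(p) / len(sent), 1) for p in priorities}


if __name__ == "__main__":
    congested = {3: 1000, 2: 1000, 1: 1000, 0: 1000}   # constructed backlog
    print("PQ :", shares(pq_schedule(backlog(congested), 360)))
    print("WRR:", shares(wrr_schedule(backlog(congested), WEIGHTS, 360)))
    idle_high = {3: 0, 2: 0, 1: 1000, 0: 1000}
    print("WRR, queues 3 and 2 idle:",
          shares(wrr_schedule(backlog(idle_high), WEIGHTS, 130)))
```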
7 RSTP
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the RSTP.
7.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the RSTP.
Definition
The Spanning Tree Protocol (STP) applies to a loop network to support path redundancy through
certain algorithms. The STP also prunes a loop network into a loop-free tree network. This avoids
proliferation and infinite loop of packets in the loop network.
The Rapid Spanning Tree Protocol (RSTP) is an improvement on the STP. The rapidness of the
RSTP relies on the greatly shortened delay for the designated port and the root port to turn into
the forwarding state in a certain condition. For details, refer to the RSTP principles in "7.3
Principle." This shortens the time for stabilizing the network topology.
Purpose
Although the STP can prune a loop network into a loop-free network, it fails to transit fast. Even
a port in a point-to-point link or an edge port has to wait double Forward Delay time before it
can turn into the forwarding state.
The RSTP can remedy the defects of the STP and possesses all the functions of the STP. The
RSTP also features fast convergence.
- All the bridges in a local area network (LAN) share the same spanning tree, and fail to block
  redundant links by VLAN.
- The packets of all the VLANs are forwarded along the same spanning tree. Therefore, load
  sharing of data traffic cannot be implemented between VLANs.
Specification
Glossary
None
7.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
7.3 Principle
This section describes the operating principles of the RSTP.
The STP determines the topology of a network by transmitting a certain special message
(configuration message as defined in IEEE 802.1D) between bridges. A configuration message
contains sufficient information to enable the bridge to complete the calculation of the spanning
tree.
The following defines the designated port and the designated bridge:
- For a bridge (such as bridge A), the designated bridge is a bridge that is directly connected
  to bridge A and forwards data packets to bridge A. The designated port is the port in the
  designated bridge through which the data packets are forwarded to bridge A.
- For a LAN, the designated bridge is a bridge that forwards data packets to the LAN. The
  designated port is the port in the designated bridge through which the data packets are
  forwarded to the LAN.
Figure 7-1 shows a schematic drawing of the designated bridge and the designated port.
[Figure 7-1: Designated bridge and designated port. Figure labels: AP1, AP2, BP1, BP2,
CP1, CP2, Switch B, Switch C, Priority: 1, Priority: 2, LAN.]
upstream designated port, and the designated port has to wait double Forward Delay time
before it can forward the data packets.
- A port that is directly connected to a terminal and is not connected to any other bridge is
  defined as an edge port. The edge port can directly turn into the forwarding state without
  delay. Because a bridge does not know whether a port is directly connected to a terminal,
  the edge port must be configured manually.
The bridges that adopt the RSTP are compatible with the bridges that adopt the STP. The bridges
that adopt the RSTP can identify both the STP and the RSTP packets and apply them to
calculation of the spanning tree.
7.4 Implementation
This section describes the implementation of the RSTP.
The RSTP feature takes effect automatically. For details of the RSTP configuration, refer to
"RSTP Configuration" in the MA5600 Configuration Guide.
7.5 Reference
This section describes the references on the RSTP.
The following lists the references on the RSTP:
8 NTP
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the NTP.
8.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the NTP.
Definition
The Network Time Protocol (NTP) is an application layer protocol in the TCP/IP protocol suite.
The NTP is used to synchronize the time between the distributed time server and the client. The
implementation of NTP is based on the IP and the UDP.
The NTP involves the Time Protocol and the ICMP timestamp message, with special design on
accuracy and robustness.
Purpose
The NTP defines the accurate time in an entire network. Because the network topology is
complicated, the clock synchronization among all the devices in the entire network becomes
more critical.
The objective of the NTP is to synchronize the clocks of all the devices in a network which have
clocks. This keeps time consistency among all the devices in the network. Therefore, the
equipment can offer various applications based on the clock synchronization.
The MA5600 supports the NTP feature to guarantee that the clocks of all the devices in a network
are consistent.
Specification
- NTP version 3
- NTP client/server mode
- NTP LAN broadcast mode
- NTP multicast mode
- NTP peer mode
- Clock filtering and selection
- Local clock calibration
- Clock source priority selection
- Support of the reference clock
- NTP security features
- Up to 128 peers in a static configuration
- Up to 100 peers in a dynamic configuration
Glossary
Timestamp: Each NTP packet contains four timestamps. The timestamp is the basis
in the NTP for implementing clock synchronization.
Clock filtering: Clock filtering is the selection, for a specified peer, of the best time
sample from that peer for the local clock.
Clock selection: For different peers (multiple servers or peers configured for a client),
a peer sends clock synchronization packets to each server or passive
peer. After receiving the response packets, it selects the best clock for
clock synchronization according to the clock selection algorithm.
8.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the NTP.
8.3 Principle
This section describes the operating principles of the NTP.
Figure 8-1 shows the operating principles of the NTP. The process in which the NTP works is
as follows:
[Figure 8-1: NTP operating principle. The MA5600 and the router exchange an NTP packet
across the network in four steps (Step 1 to Step 4).]
1. The MA5600 sends an NTP packet to the router. This packet contains the timestamp when
it leaves the MA5600. The timestamp is 10:00:00 am (T1).
2. When the NTP packet arrives at the router, the router adds its timestamp to the packet. The
timestamp is 11:00:01 am (T2).
3. When the NTP packet leaves the router, the router adds another timestamp to the packet.
The timestamp is 11:00:02 am (T3).
4. When the MA5600 receives the response packet, it adds a new timestamp to the packet.
The timestamp is 10:00:03 am (T4).
Now, the MA5600 has sufficient information to calculate two important parameters:
- The delay for a round trip of the NTP packet = (T4 - T1) - (T3 - T2)
- Offset between the MA5600 and the router = ((T2 - T1) + (T3 - T4))/2
In this way, the MA5600 can set its clock according to the information and thus keeps its clock
synchronized with that of the router.
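The four-timestamp exchange above carried through on a 48-byte NTP version 3 packet, as an added Python example (not Huawei code). The calendar date, header field values and function names are constructed; the originate-timestamp check is standard NTP behaviour rather than something this page describes.

```python
import struct
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 to 1970-01-01
# LI/VN/Mode, stratum, poll, precision, root delay, root dispersion, reference ID
HEADER = struct.Struct("!BBbb3I")
STAMP = struct.Struct("!II")         # 32-bit seconds since 1900 + 32-bit fraction


def to_ntp(unix_time):
    seconds = int(unix_time)
    return STAMP.pack(seconds + NTP_UNIX_DELTA, int((unix_time - seconds) * 2**32))


def from_ntp(raw):
    seconds, fraction = STAMP.unpack(raw)
    return seconds - NTP_UNIX_DELTA + fraction / 2**32


def build_reply(t1, t2, t3, version=3, mode=4):
    """Constructed server reply (mode 4): reference, originate, receive, transmit."""
    header = HEADER.pack((version << 3) | mode, 2, 6, -20, 0, 0, 0)
    return header + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)


def parse_reply(packet, sent_t1):
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    version, mode = (packet[0] >> 3) & 0x7, packet[0] & 0x7
    if mode != 4:
        raise ValueError("not a server-mode reply")
    # The reply must echo the T1 we sent, otherwise it does not belong to our request.
    if packet[24:32] != to_ntp(sent_t1):
        raise ValueError("originate timestamp does not echo our request")
    t1, t2, t3 = (from_ntp(packet[o:o + 8]) for o in (24, 32, 40))
    return version, t1, t2, t3


def delay_and_offset(t1, t2, t3, t4):
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return delay, offset


def at(hour, minute, second):
    # Constructed date; the text gives times of day only.
    return datetime(2007, 7, 10, hour, minute, second, tzinfo=timezone.utc).timestamp()


def worked_example():
    t1, t2, t3, t4 = at(10, 0, 0), at(11, 0, 1), at(11, 0, 2), at(10, 0, 3)
    packet = build_reply(t1, t2, t3)             # what the router sends back
    version, o, r, x = parse_reply(packet, t1)   # what the MA5600 reads at T4
    return version, delay_and_offset(o, r, x, t4)


if __name__ == "__main__":
    version, (delay, offset) = worked_example()
    print(f"NTPv{version}: round-trip delay {delay:.0f} s, offset {offset:.0f} s")
```

With the timestamps in steps 1 to 4, the round-trip delay is 2 seconds and the MA5600 clock is 3600 seconds (one hour) behind the router.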
8.4 Implementation
This section describes the implementation of the NTP.
For details of the NTP configuration, refer to "NTP Configuration" in the MA5600
Configuration Guide.
8.5 Reference
This section describes the references on the NTP.
The following lists the references on the NTP:
9 Multicast
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the multicast.
9.1 Overview
This section describes the basic features of the multicast on the MA5600.
9.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of multicast.
Definition
Multicast refers to the point-to-multipoint communication between a certain node and all other
nodes in the network.
Controllable multicast allows an access device to determine if a user has the authority to watch
programs by identifying the user request packets. In this way, the access device controls and
forwards the multicast services.
Purpose
The MA5600 provides the IPTV service by adopting the multicast technology.
By adopting controllable multicast, the access device manages and controls multicast users. This
satisfies carriers' requirements for video services provisioning, and enables the multicast services
to be operable and manageable.
The core of the multicast technology is duplication of the packets at the place nearest to the
receiver, thus lowering the multicast traffic in the network.
Specification
The MA5600 supports the following multicast specifications:
- IGMP V1/V2
- IGMP proxy
- IGMP snooping
- Tree network
- RSTP ring network
- Configuration based on right profile and user right
- Controllable multicast, including program management, and user management
Glossary
None
9.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the multicast technology.
9.1.3 Principle
This section describes the operating principles of multicast.
Layer 2 forwarding is adopted for the multicast application on the access equipment. The
MA5600 forwards the data based on the VLAN and MAC address of the multicast. Figure
9-1 shows the typical tree multicast network.
In a ring network, the device enabled with the RSTP supports path redundancy using certain
algorithms, and dynamically prunes the ring network into a loop-free tree network.
[Figure: multicast network. Figure labels: Home gateway (two), STB (two).]
9.1.4 Implementation
This section describes the implementation of multicast.
For details of the multicast configuration, refer to "Multicast Service Configuration" in the
MA5600 Configuration Guide.
9.1.5 Reference
This section describes the references on multicast.
- RFC 3376: B. Cain, "Internet Group Management Protocol, Version 3", RFC
  3376, October 2002
- MA5600 Configuration Guide
- MA5600 Command Reference
- MA5600 Alarm Reference
9.2.1 Introduction
This section describes the definition, purpose, specification and limitation of IGMP snooping.
Definition
IGMP snooping is a multicast control mechanism that works at the data link layer. It is used to
monitor the IGMP packets, and to generate and maintain the multicast forwarding entries.
Purpose
The MA5600 supports IGMP snooping feature to support the multicast management in the L2
network, user authentication and multicast control, thus effectively restraining the spread of the
multicast data in L2.
Specification
The MA5600 supports the following IGMP snooping specifications:
- IGMP V1/V2 IGMP Proxy
- A querier that supports the general query and group-specific query mechanism
Limitation
None
9.2.2 Principle
This section describes the operating principles of IGMP snooping.
- Process for a multicast user to get online and offline
  In IGMP snooping mode, the MA5600 switches the packets for joining and leaving a
  multicast group to the program VLAN, and then forwards the packets to the multicast router.
  In IGMP snooping mode, the MA5600 acts as a querier. Upon receiving the query packets
  from the multicast router, the MA5600 sends a query packet to the user. If there is no
  response within the specified duration, the MA5600 deletes the local multicast forwarding
  entry. Consequently, the multicast router deletes the forwarding entry from its own
  database.
  Upon receiving a user's leave packet, the upper layer router sends a group-specific query
  packet to the user. If there is no response from the user within a specified duration, the
  router deletes the user from the multicast group.
- Snooping report proxy and leave proxy
  When a user gets online and sends a request packet for joining a program, the MA5600
  switches the packet to the multicast VLAN and then forwards it to the multicast router. The
  subsequent request packets from the user for joining the program are not forwarded to the
  multicast router.
  When the user gets offline, the MA5600 forwards only the last leave packet to the multicast
  router to tell it not to send any more multicast traffic.
  If report proxy is enabled, the MA5600 responds to the query of the multicast router.
9.3.1 Introduction
This section describes the definition, purpose, specification and limitation of IGMP proxy.
Definition
IGMP proxy means that in some network topologies, the device does not set up the multicast
routes, but learns the information on the connected multicast group members and forwards it to
the upstream multicast router.
Purpose
IGMP proxy enables the L2 device to support multicast service. In addition, it decreases the
packets for joining and leaving a multicast group, thus lowering the multicast traffic at the
network side.
Specification
Limitation
None
9.3.2 Principle
This section describes the operating principles of IGMP proxy.
The IGMP proxy implementation is as follows:
1. When an IGMP user intends to order a video program, the user must send an IGMP request
to the IGMP proxy for joining the multicast group corresponding to the program.
2. Upon receiving the request, the MA5600 forwards the request packet to the multicast router
for applying for multicast traffic if the user is the first one to watch the program. If the
multicast traffic is being delivered, the MA5600 forwards the traffic directly to the user.
3. The MA5600 sends general query packets to all online IGMP users at regular intervals. If
it fails to receive any response from a user within a certain period, it considers that the user
has left the multicast group, and deletes the user from the multicast group. If the user is the
last one in the group, the MA5600 sends leave packets to the multicast router.
4. Meanwhile, when receiving a general query from the multicast router, the MA5600 reports
the current multicast state to the router.
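The join and leave aggregation in steps 1 to 4, as an added Python model (not the MA5600 implementation). Port names, the group address, the explicit `leave` call and all identifiers are constructed for illustration.

```python
class IgmpProxy:
    """Tracks group membership per user port and what is sent upstream."""

    def __init__(self):
        self.members = {}      # group address -> set of user ports
        self.upstream = []     # messages sent to the multicast router

    def join(self, user, group):
        users = self.members.setdefault(group, set())
        if not users:
            # Step 2: only the first viewer triggers a request to the router.
            self.upstream.append(("report", group))
        users.add(user)

    def _remove(self, user, group):
        users = self.members.get(group)
        if users is None or user not in users:
            return
        users.discard(user)
        if not users:
            # Step 3: the last viewer is gone, so tell the router to stop.
            del self.members[group]
            self.upstream.append(("leave", group))

    def leave(self, user, group):
        self._remove(user, group)

    def general_query(self, responders):
        """responders: set of (user, group) pairs that answered in time."""
        for group in list(self.members):
            for user in list(self.members[group]):
                if (user, group) not in responders:
                    self._remove(user, group)

    def router_query(self):
        # Step 4: report the current multicast state to the router.
        reports = [("report", group) for group in sorted(self.members)]
        self.upstream.extend(reports)
        return reports


def scenario():
    proxy = IgmpProxy()
    group = "239.1.1.1"                     # constructed group address
    proxy.join("port1", group)              # first viewer: report goes upstream
    proxy.join("port2", group)              # traffic already delivered: nothing upstream
    proxy.leave("port1", group)             # port2 still watching: nothing upstream
    proxy.general_query(responders=set())   # port2 silent: removed, leave goes upstream
    return proxy.upstream, proxy.members


if __name__ == "__main__":
    sent, members = scenario()
    print("sent upstream:", sent)
    print("members left:", members)
```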
9.4.1 Introduction
This section describes the definition, purpose, specification and limitation of program
management.
Definition
Program management indicates the management of program attributes, including the program
bandwidth and preview parameters.
Purpose
Specification
The MA5600 supports:
- Preview parameters
- Up to 1024 static programs
- Prejoin of a static program
- Setting the priority of a static program
- Setting the bandwidth of a static program
Limitation
To preview a program, a multicast user must have the right to preview the program.
9.4.2 Principle
This section describes the operating principles of program management.
Program management includes program preview, program prejoin, program priority, and
program bandwidth.
Preview
Program preview controls the number of times, the duration, and the interval for which a user can
watch a program. This gives the user basic knowledge about the program without granting the right
to watch the complete program.
A user with the preview authority can preview the program only for a fixed duration. When the
duration expires, the user gets offline. After the preview interval, the user can preview the
program again. The user cannot preview a program for more than the number of times specified.
Prejoin
The program prejoin feature enables the MA5600 to send request packets to the multicast router
for joining a multicast group if there is no online user. This helps in delivering the multicast
traffic to the MA5600 in advance, thus shortening the wait time for a user to order a program.
Priority
When forwarding multicast traffic, the MA5600 schedules the traffic on the user port according
to the specified priority. This guarantees the quality of the program.
Bandwidth
The connection access control (CAC) at the network side is supported. The CAC at the network
side is based on the total bandwidth occupied by the online programs of an upstream port. The
bandwidth determines whether a new program can be played. If the bandwidth occupied by the
online programs and that of a new program exceeds the specified CAC, the user cannot play the
new program.
9.5.1 Introduction
This section describes the definition, purpose and specification of user management.
9.5.2 Principle
This section describes the operating principles of user management.
9.5.1 Introduction
This section describes the definition, purpose and specification of user management.
Definition
User management indicates the configuration of valid multicast users, authentication of the users
when they log in, and CAC bandwidth checks.
Purpose
User management prevents illegal users from watching controlled programs.
Specification
• The management of xDSL multicast users means the management of physical ports on a
  service board.
• The IGMP bearer channel and multicast service bearer channel of a multicast user can be
  defined separately.
• Up to 2000 authority profiles can be configured.
• The program authority can be any one of watch, preview, forbidden and idle.
• A multicast user can be bound with up to 256 authority profiles.
• The fast leave feature is supported.
• A multicast user can watch up to eight programs concurrently.
9.5.2 Principle
This section describes the operating principles of user management.
Multicast CAC
Multicast CAC indicates the bandwidth of a subscriber line for bearing multicast programs.
When joining a multicast group, a user is allocated the program bandwidth. The
MA5600 checks whether the user bandwidth is sufficient for playing a program. If yes, the user can
order the program. If not, the user fails to order the program.
Fast Leave
Fast leave indicates that the MA5600 deletes a user from a multicast group without any query
if it receives the IGMP leave packet.
Program Authority
The program authority is defined in an authority profile. You can control the authorities by
binding a user with different authority profiles.
The program authority can be forbidden, preview, watch, and idle in a descending order. The
system administrator is authorized to configure the authority.
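The checks described under Preview, Multicast CAC and Program Authority combine into one admission decision per join request. The Python sketch below is an added example, not MA5600 code. It assumes that when several bound profiles name the same program the authority listed first in the page's order wins, that "idle" grants no access, and that the preview parameter names and values are hypothetical.

```python
from dataclasses import dataclass, field

# Order given on the page: forbidden, preview, watch, idle.
# Assumption: the authority that comes first in this order wins a conflict.
ORDER = ["forbidden", "preview", "watch", "idle"]
MAX_CONCURRENT = 8  # page: a user can watch up to eight programs concurrently


@dataclass
class Program:
    name: str
    bandwidth_kbps: int


@dataclass
class PreviewRule:            # hypothetical parameter names and values
    max_times: int = 3
    duration_s: int = 120
    interval_s: int = 600


@dataclass
class User:
    line_cac_kbps: int                            # multicast CAC of the subscriber line
    profiles: list = field(default_factory=list)  # each profile: {program name: authority}
    watching: dict = field(default_factory=dict)  # program name -> bandwidth in use
    previews: dict = field(default_factory=dict)  # program name -> (count, last end time)


def effective_authority(user, program):
    found = [p.get(program.name, "idle") for p in user.profiles] or ["idle"]
    return min(found, key=ORDER.index)


def leave(user, program):
    user.watching.pop(program.name, None)


def admit(user, program, now, rule=PreviewRule()):
    """Return (decision, reason) for a join request received at time `now` (seconds)."""
    auth = effective_authority(user, program)
    if auth in ("forbidden", "idle"):  # assumption: no explicit right means no access
        return "deny", f"authority={auth}"
    if len(user.watching) >= MAX_CONCURRENT:
        return "deny", "concurrent program limit"
    if sum(user.watching.values()) + program.bandwidth_kbps > user.line_cac_kbps:
        return "deny", "CAC: insufficient line bandwidth"
    if auth == "preview":
        count, last_end = user.previews.get(program.name, (0, None))
        if count >= rule.max_times:
            return "deny", "preview count exhausted"
        if last_end is not None and now - last_end < rule.interval_s:
            return "deny", "preview interval not elapsed"
        user.previews[program.name] = (count + 1, now + rule.duration_s)
        user.watching[program.name] = program.bandwidth_kbps
        return "preview", f"until t={now + rule.duration_s}"
    user.watching[program.name] = program.bandwidth_kbps
    return "watch", "ok"


# Constructed sample data.
SPORTS = Program("sports", 4000)
NEWS = Program("news", 3000)
MOVIE = Program("movie", 4000)
```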
10 Triple Play
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of triple play.
10.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of triple play.
10.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
10.1.3 Principle
This section describes the operating principles of triple play.
10.1.4 Implementation
This section describes the implementation of triple play.
10.1.5 Reference
This section describes the references on triple play.
10.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of triple play.
Definition
Triple play is a service provisioning mode in which integrated services can be provided to a user.
Currently, the prevailing integrated services include the high-speed Internet access service, voice
over IP (VoIP) service, and IPTV service.
Purpose
The triple play service is to encapsulate the broadband access, VoIP service, and video service
into an independent broadband connection to facilitate the usage and reduce the carrier's
maintenance cost.
Specification
The MA5600 supports multi-PVC for multiple services.
Glossary
None
10.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
10.1.3 Principle
This section describes the operating principles of triple play.
The main concern of triple play is how to handle the different priorities of different services on a
user port, and to reduce their mutual effect to the lowest level.
• VoIP service
  Because the bandwidth and delay of the VoIP service are low, the priority of the VoIP service
  is the highest among the triple play services.
• IPTV service
  Because the bandwidth occupied by the IPTV service is relatively high, and the bit error
  ratio/packet loss ratio is relatively low, the priority of the IPTV service is lower than that
  of the VoIP service, but is higher than that of the Internet access service.
  NOTE
  A high bit error ratio or packet loss ratio causes loss of video frames, thus affecting the program
  quality.
• High-speed Internet access
  Because common Internet access services, such as web browsing, require neither a strong
  real-time performance nor a low packet loss ratio, the priority of the high-speed Internet
  access service is the lowest among the triple play services.
  NOTE
  For the Internet access service, the retransmission mechanism is usually available to guarantee
  transmission reliability. Therefore, the Internet access service does not require a low packet loss ratio
  like the IPTV service.
To manage the three services on a port conveniently, the MA5600 supports three VLANs for an
upstream interface, one for the VoIP service, one for the IPTV service, and another for the high-
speed Internet access service.
NOTE
When the services are differentiated by the Ethernet type (IPoE/PPPoE), the service data goes upstream
through only two different VLANs.
10.1.4 Implementation
This section describes the implementation of triple play.
The triple play feature takes effect automatically. For details of the triple play configuration,
refer to "Triple Play Service Configuration" in the MA5600 Configuration Guide.
10.1.5 Reference
This section describes the references on triple play.
10.2.1 Introduction
This section describes the definition, purpose and specification of multi-PVC for multiple
services.
10.2.2 Principle
This section describes the operating principles of multi-PVC for multiple services.
10.2.1 Introduction
This section describes the definition, purpose and specification of multi-PVC for multiple
services.
Definition
Multi-PVC for multiple services is a triple play mode in which multiple PVCs are adopted for
carrying multiple services from the access device to each DSL user terminal.
Purpose
This triple play mode is compatible with the existing operations, administration and maintenance
(OAM) system.
Specification
l Each xDSL port supports up to 8 PVCs.
l Each service board supports up to 256 PVCs.
10.2.2 Principle
This section describes the operating principles of multi-PVC for multiple services.
The Internet access services, VoIP and IPTV services are carried by different PVCs to the user.
That is, each xDSL port is configured with at least three PVCs. At the network end, three VLANs
are created for the upstream interface to carry different types of services.
Figure 10-1 shows the operating principles of multi-PVC for multiple services.
• The home gateway must be adopted for the DSL user terminal to provide three Ethernet
  ports. The ports are used to connect to the Ephone for the VoIP service, the STB for the
  IPTV service, and the PC for the high-speed Internet access.
• Each port is bound with a PVC (that is, the data flow from the port is labeled with the VPI/VCI
  of this PVC). Then, the home gateway sends the data flow from this port to the
  MA5600 over a single PVC for processing.
• After receiving the packets from the PVC, the MA5600 converts them into a data flow,
  labels the data flow with a certain service VLAN, and then sends the labeled data flow to
  the upper layer device.
11 Routing
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of routing.
11.1 Overview
This section describes the features of the routing on the MA5600.
11.2 Static Route
This section describes the features of the static route on the MA5600.
11.3 Dynamic Route
This section describes the features of the dynamic route on the MA5600.
11.1 Overview
This section describes the features of the routing on the MA5600.
11.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of routing.
11.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
11.1.3 Principle
This section describes the operating principles of routing.
11.1.4 Implementation
This section describes the implementation of routing.
11.1.5 Reference
This section describes the references on routing.
11.1.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of routing.
Definition
Routing is a common term used for describing the path through which the packets from a host
in a network travel to a host in another network.
Routers send packets on the Internet. A router selects a suitable path in a network according to
the destination address included in a received packet, and sends the packet to the next router on
the path. In this way, the packet travels over the Internet until the last router sends it to the
destination host.
Purpose
The access equipment, serving as a basic element in the entire telecom network, must support
the functions of remote operation, management and maintenance on the equipment itself. With
the development of small-size access equipment that can be managed remotely, the access
equipment needs to have BRAS functions, such as allocation of network addresses and user
management. Therefore, the access equipment must support the routing feature.
Specification
• Static routes
• Dynamic routing protocols, such as Routing Information Protocol (RIP) and Open Shortest
  Path First (OSPF)
Glossary
None
AS Autonomous system
11.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
No additional hardware is required for supporting the routing feature.
11.1.3 Principle
This section describes the operating principles of routing.
As shown in Figure 11-1, the packets from PC_A travel through three networks and two routers
until they reach PC_C and the hop count is three. If one node is connected to another through a
network, the two nodes are adjacent on the Internet. Similarly, adjacent routers mean that these
routers are connected to the same network. The hop count from a router in a network to a host
in the same network is zero.
Figure 11-1 shows the working principles of routers.
[Figure 11-1 labels: PC_A, PC_B, PC_C, Router, Route segment]
Routing Table
Each router keeps a routing table. The routing table is the key to forwarding packets. The route
entries in the table show:
• Through which a packet can be forwarded to a specific subnet or host so as to reach the
  next router along the path.
• Whether the packet can be sent to the destination host in an interconnected network without
  passing through other routers.
• Destination address
  The destination address is a 32-bit value that labels the destination IP address or
  destination network of an IP packet.
• Subnet mask
  The subnet mask consists of a sequence of "1"s, and can be expressed in dotted decimal
  format or as the total number of consecutive "1"s. The mask is used with the destination
  address to identify the subnet address of the destination host or router.
  To obtain the subnet address of the destination host or router, perform an AND operation
  on the destination address and the subnet mask.
  For example, if a router's destination address and subnet mask are 129.102.8.10 and
  255.255.0.0, respectively, the router's subnet address is 129.102.0.0.
• Output interface
  The output interface specifies the interface of a router for IP packet forwarding.
• Next hop IP address
  The next hop IP address indicates the next router through which an IP packet will pass.
• Route priority
  The route with the highest priority (smallest value) will be the optimal one. You can
  configure multiple routes with different priorities to the same destination, but only one
  route is selected based on the priority for IP packet forwarding.
Route Classification
Based on the destination, routes can be classified as:
• Subnet route
  Its destination is a subnet.
• Host route
  Its destination is a host.
Based on the connection between the destination and the router, routes can be classified as:
• Direct route
  Its destination network is directly connected to the router.
• Indirect route
  Its destination network is not directly connected to the router.
To avoid large routing tables, a default route can be assigned. Once a packet fails to find a route
in the routing table, the default route is selected for forwarding the packet.
Figure 11-2 shows some interconnected networks. The digits in each network represent the IP
address of the network. Router 8 is connected to three networks. Therefore, it has three IP
addresses and three physical ports.
[Figure 11-2 labels: R1, R4, 12.0.0.0, 12.0.0.1, 12.0.0.2, 12.0.0.3, 11.0.0.2, 14.0.0.1]
10.0.0.0 Directly 2
11.0.0.0 Directly 1
12.0.0.0 11.0.0.2 1
13.0.0.0 Directly 3
14.0.0.0 13.0.0.2 3
15.0.0.0 10.0.0.2 2
16.0.0.0 10.0.0.2 2
The current route to a specific destination at a specific moment can only be determined by one
routing protocol. Each routing protocol (including the static routing protocol) is assigned
a priority. When multiple route sources exist, the route discovered by the routing protocol with
the highest priority becomes the current route.
Table 11-3 lists various routing protocols and the default priorities of the routes discovered by
them.
Routing protocol    Default priority
DIRECT              0
OSPF                10
INTERNAL EIGRP      50
STATIC              60
RIP                 100
IBGP                256
EBGP                256
UNKNOWN             255
The smaller the value, the higher the priority. In this table, "0" indicates the direct route, and
"255" indicates any route from an untrusted source.
You can define the priorities for all dynamic routing protocols except the direct route (DIRECT)
and the BGP (IBGP, EBGP). In addition, the priorities of any two static routes can be different.
Route Sharing
Different routing protocols can find different routes as they use different algorithms. Therefore,
a problem arises, that is, how to share the routes discovered by various routing protocols.
A routing protocol might need to import routes discovered by other protocols to diversify its
own routes. However, a protocol only needs to import qualified routes by setting attributes of
the routes to be imported.
To support a route policy, you must define the attributes of the routes to which the route policy
is to be applied, such as the destination address, and the address of the router distributing routes.
You can define the matching rules in advance so that they can be applied in a route policy for
route distribution, reception and importing.
Filters
The following describes the filters used by the MA5600.
• ACL
  An ACL is defined with a specified IP address and subnet range for identifying routes with
  the desired destination segment address or next hop address.
• Address prefix list
  An address prefix list is similar to an ACL in function, but is more flexible and
  comprehensible. When applied to filter routes, the address prefix list targets the
  destination address fields.
  Identified by name, an address prefix list contains multiple entries. Each entry specifies a
  matching range and is identified with index-number. index-number also specifies the
  matching order.
  In the process of matching, the router checks every entry identified with index-number in
  ascending order. If the route matches one entry, the route matches the
  address prefix list, and comparison with the next entry is unnecessary.
• Route policy
  Route policy is a sophisticated filter to identify routes with the desired attributes and modify
  some attributes if conditions are satisfied. Route policy can define its own match rules using
  other filters.
  A route policy consists of several nodes (matching units). The node number is also the
  matching order. Every node consists of an if-match clause and an apply clause. The if-match
  clause defines the matching order. The objects of the matching are some attributes of the routes.
  The relationship between two if-match clauses of a node is "and". The match test is
  considered passed only when all if-match clauses of a node are satisfied. The apply
  clause specifies the action to be taken when the node match test is conducted, that is, setting some
  attributes of the routes.
  The relationship between nodes of a route policy is "or". The system checks every node of
  a route policy. If one node passes the match test, the route policy passes the
  match test, and the match test for the next node is not required.
• When importing routes discovered by other protocols, a routing protocol can apply this
  filter to obtain the required routes.
• When transmitting or receiving routes, a routing protocol can apply the filter so that only
  the required ones are transmitted or received.
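The matching rules for address prefix lists and route policies can be written down directly. The Python sketch below is an added example, not the MA5600's implementation. The field names `min_len`/`max_len`, the attribute names `cost` and `tag`, the sample addresses, and the treatment of a route that passes no node as filtered out are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class PrefixEntry:
    index: int       # index-number: identifies the entry and sets the matching order
    prefix: str
    min_len: int     # hypothetical names for the entry's matching range
    max_len: int


def prefix_list_match(entries, dest):
    """Return the index-number of the first matching entry (ascending order), else None."""
    net = ipaddress.ip_network(dest)
    for entry in sorted(entries, key=lambda e: e.index):
        covers = net.subnet_of(ipaddress.ip_network(entry.prefix))
        if covers and entry.min_len <= net.prefixlen <= entry.max_len:
            return entry.index   # first hit wins; later entries are not compared
    return None


@dataclass
class Node:
    number: int
    if_match: list                             # predicates route -> bool, AND-ed together
    apply: dict = field(default_factory=dict)  # attributes set when the node passes


def run_policy(nodes, route):
    """Nodes are OR-ed in ascending node number; the first passing node applies and stops."""
    for node in sorted(nodes, key=lambda n: n.number):
        if all(pred(route) for pred in node.if_match):
            return node.number, {**route, **node.apply}
    return None, None   # assumption: a route that passes no node is filtered out


# Constructed sample data (documentation and private address ranges).
CUSTOMER = [
    PrefixEntry(20, "10.0.0.0/8", 8, 8),
    PrefixEntry(10, "10.1.0.0/16", 16, 24),
]
POLICY = [
    Node(20, [lambda r: r["proto"] == "STATIC"], {"tag": 100}),
    Node(10, [lambda r: prefix_list_match(CUSTOMER, r["dest"]) is not None,
              lambda r: r["next_hop"] == "192.0.2.1"], {"cost": 5}),
]
```

A route that matches the prefix list but arrives from a different next hop fails node 10, because both if-match clauses must hold, and is then tested against node 20.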
11.1.4 Implementation
This section describes the implementation of routing.
For details of the routing configuration, refer to "Routing Protocol Configuration" in the
MA5600 Configuration Guide.
11.1.5 Reference
This section describes the references on routing.
11.2.1 Introduction
This section describes the definition, purpose, specification of the static route.
11.2.2 Principle
This section describes the operating principles of the static route.
11.2.1 Introduction
This section describes the definition, purpose, specification of the static route.
Definition
The static route is a special route. It is configured manually by the network administrator.
Purpose
In a simple network, a router can work in the normal state as long as its static routes are
configured. Proper configuration and use of static routes can improve the network performance
and assure bandwidth for important applications.
Configuring static routes is easy. Static routes apply to small networks that are simple and stable.
However, when a network fault occurs, the static routes cannot change automatically. They have
to be adjusted by the administrator.
Specification
The MA5600 supports up to 1000 static routes.
11.2.2 Principle
This section describes the operating principles of the static route.
An administrator adds static routes to the routing table through the CLI or SNMP. The forwarding
module follows the longest match algorithm for the route matching. If the destination address
of a packet matches an entry in the routing table, the module forwards the packet to the next
hop.
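The subnet AND operation, the protocol priorities of Table 11-3 and the longest match rule fit together as follows. This Python sketch is an added example, not MA5600 code. It reuses the Router 8 entries shown in section 11.1.3 with an assumed /8 mask, assigns each entry an assumed source protocol, and adds three constructed routes (a competing RIP route, a more specific /16 and a default route).

```python
import ipaddress
from dataclasses import dataclass

# Default priorities from Table 11-3 (smaller value = higher priority).
DEFAULT_PRIORITY = {"DIRECT": 0, "OSPF": 10, "STATIC": 60, "RIP": 100}


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network
    next_hop: str
    port: int
    proto: str

    @property
    def priority(self):
        return DEFAULT_PRIORITY[self.proto]


def r(prefix, next_hop, port, proto):
    return Route(ipaddress.ip_network(prefix), next_hop, port, proto)


def subnet_of(address, mask):
    """Destination address AND subnet mask, as in the 129.102.8.10 example."""
    a = int(ipaddress.IPv4Address(address))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m))


def active_routes(candidates):
    """Per destination prefix, keep only the route from the highest-priority source."""
    best = {}
    for route in candidates:
        current = best.get(route.dest)
        if current is None or route.priority < current.priority:
            best[route.dest] = route
    return list(best.values())


def lookup(table, destination):
    """Longest match; 0.0.0.0/0 (the default route) matches only when nothing longer does."""
    addr = ipaddress.IPv4Address(destination)
    matches = [rt for rt in table if addr in rt.dest]
    return max(matches, key=lambda rt: rt.dest.prefixlen, default=None)


# Router 8 entries from the page; /8 masks and source protocols are assumptions.
CANDIDATES = [
    r("10.0.0.0/8", "direct", 2, "DIRECT"),
    r("11.0.0.0/8", "direct", 1, "DIRECT"),
    r("12.0.0.0/8", "11.0.0.2", 1, "STATIC"),
    r("13.0.0.0/8", "direct", 3, "DIRECT"),
    r("14.0.0.0/8", "13.0.0.2", 3, "OSPF"),
    r("15.0.0.0/8", "10.0.0.2", 2, "STATIC"),
    r("16.0.0.0/8", "10.0.0.2", 2, "STATIC"),
    # Constructed additions to exercise priority, longest match and the default route.
    r("14.0.0.0/8", "10.0.0.2", 2, "RIP"),
    r("15.1.0.0/16", "13.0.0.2", 3, "STATIC"),
    r("0.0.0.0/0", "11.0.0.2", 1, "STATIC"),
]
```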
11.3.1 Introduction
This section describes the definition, purpose, specification of the dynamic route.
11.3.2 Principle
This section describes the operating principles of the dynamic route.
11.3.1 Introduction
This section describes the definition, purpose, specification of the dynamic route.
Definition
The dynamic route refers to a route that automatically changes in light of the change of network
topology or network traffic.
Purpose
The routing algorithm of a dynamic routing protocol enables a route to adapt to change of
network topology. Dynamic routes apply to the network deployed with L3 devices. However,
configuring dynamic routes is complicated. In addition, it has a higher requirement on the system,
and occupies more network resources than configuring static routes.
Specification
The MA5600 supports 2300 dynamic routes.
• RIP
• OSPF
11.3.2 Principle
This section describes the operating principles of the dynamic route.
RIP
RIP defines how routers exchange routing table information. RIP is based on the view
differencing (V-D) algorithm. RIP falls into two versions: RIP 1 and RIP 2.
With RIP, routers can exchange routes using User Datagram Protocol (UDP) packets, and
send route updates every 30s. If a router does not receive any route updates from the peer device
for 180s, it labels the routes from the peer device as unreachable, and deletes such routes if no
route updates are received in the next 120s.
• RIP 1
  RIP 1 is a classful routing protocol. It supports broadcasting protocol packets. The RIP 1
  protocol packets do not contain any masks. Therefore, RIP 1 can identify only the routes
  of the natural network segments such as Class A, Class B and Class C. Thus, RIP 1 supports
  neither route summary nor discontinuous subnets.
• RIP 2
  RIP 2 is a classless routing protocol. Compared with RIP 1, RIP 2 supports the following:
  - Route tag
    It controls routes flexibly based on the Tag in the route policy.
  - Packets containing masks
    The packets contain masks for route summary and classless inter-domain routing
    (CIDR).
  - The next hop selection
    In broadcast networks, you can select the optimal next hop address.
  - Multicast route to send updates
    Only RIP 2 routers can receive protocol packets, thus reducing resource consumption.
  - Protocol packet authentication
    RIP 2 provides two authentication modes: authentication in plain text and MD5
    authentication to enhance the security of the packets.
  NOTE
  • RIP 2 transmits packets in two modes: broadcast mode and multicast mode. By default, packets
    are transmitted in multicast mode using the multicast address 224.0.0.9.
  • When the interface runs in RIP 2 broadcast mode, it can also receive RIP 1 packets.
• Hop count
  RIP uses the hop count to measure the distance to the destination host, which is called
  the routing metric.
  In RIP, the metric from a router to its directly connected network is 0 (some protocols
  define it as 1), and the metric from a router to a network which can be reached through
  another router is 1, and so on.
  To restrict the convergence time, RIP prescribes that the metric is an integer ranging
  from 0 to 15. When the hop count is 16, it is regarded as infinitely large.
• Routing loop avoidance
  RIP avoids routing loops by the following mechanisms:
  - Counting to infinity
    RIP defines the metric of 16 as infinity. In case routing loops occur, when the cost
    of a route reaches 16, this route is considered unreachable.
  - Split horizon
    RIP does not send the routes learned from an interface to its adjacent routers through
    this interface. This reduces bandwidth consumption and avoids routing loops.
  - Poison reverse
    RIP learns a route from an interface, sets its metric to 16 (unreachable), and
    advertises it to the adjacent routers through this interface. This clears the unnecessary
    information in the routing tables of its adjacent routers.
  - Triggered updates
    RIP can avoid routing loops among multiple routers and speed up the network
    convergence through triggered updates. After the metric of a route changes, a router
    advertises updates to its adjacent routers rather than waiting until the period times out.
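The effect of counting to infinity, split horizon and poison reverse can be seen in a two-router simulation. The Python sketch below is an added example, not MA5600 code. Routers A and B, network X and the synchronous update rounds are constructed for illustration, and timers and triggered updates are not modelled.

```python
INFINITY = 16   # metric that RIP treats as unreachable


def advertise(table, to_neighbor, mode):
    """Build the update a router sends to one neighbor under the given mode."""
    update = {}
    for net, (metric, via) in table.items():
        if via == to_neighbor:
            if mode == "split_horizon":
                continue              # do not send back what was learned from this neighbor
            if mode == "poison_reverse":
                metric = INFINITY     # send it back, but marked unreachable
        update[net] = metric
    return update


def receive(table, sender, update):
    """Apply a neighbor's update to a routing table of net -> (metric, next hop)."""
    for net, metric in update.items():
        new = min(metric + 1, INFINITY)
        current = table.get(net)
        if current is None:
            accept = new < INFINITY
        elif current[1] == sender:
            accept = new != current[0]   # the current next hop is always believed
        else:
            accept = new < current[0]    # another neighbor must offer a better metric
        if accept:
            table[net] = (new, sender)


def rounds_to_converge(mode, max_rounds=50):
    """Rounds until both routers agree that X is unreachable after B loses its link to X."""
    a = {"X": (1, "B")}            # A reaches network X through B
    b = {"X": (INFINITY, None)}    # B's direct link to X has just failed
    for rnd in range(1, max_rounds + 1):
        to_b = advertise(a, "B", mode)   # both updates are built from the state
        to_a = advertise(b, "A", mode)   # before this round, then delivered
        receive(b, "A", to_b)
        receive(a, "B", to_a)
        if a["X"][0] == INFINITY and b["X"][0] == INFINITY:
            return rnd
    return None
```

With mode "none" the stale route bounces between A and B, its metric rising by one per round until it reaches 16; with split horizon or poison reverse both routers mark X unreachable in the first round.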
OSPF
OSPF is an interior gateway protocol (IGP) based on the link state developed by the Internet
Engineering Task Force (IETF). The version in use is the OSPF Version 2 (RFC 2328), which
has the following features:
• Application scope
  It supports networks of various scales and hundreds of routers.
• Fast convergence
  It enables an update to be sent immediately after the network topology changes, so that the
  change can be synchronized in the Autonomous System (AS).
• Loop-free
  As OSPF calculates the route with the shortest path tree algorithm through the collected
  link state, no loop route is generated from the algorithm itself.
• Area division
  The network of the AS is divided into areas. The routes between the areas become more
  abstract, reducing the bandwidth occupation in the network.
• Equal route
  It supports multiple equal routes to the same destination address.
• Routing hierarchy
  Four types of routes are used in the order of preference: intra-area routes, inter-area routes,
  external routes of type 1 and external routes of type 2.
• Authentication
  It supports interface-based packet authentication to ensure the security of route calculation.
• Multicast
  It supports multicast addresses.
• AS mechanism
  The whole network can be regarded as an entity consisting of multiple ASs. Information
  of the ASs can be synchronized through dynamic discovery and transmission of routes by
  collecting and transmitting the AS link states.
  Each AS can also be further divided into several areas. If the interfaces of a router are
  allocated to multiple areas, this router is called an area border router (ABR). An ABR is
  located at the area boundary and is connected to multiple areas.
  The OSPF backbone area, a special area labeled with 0.0.0.0, is responsible for exchange
  of routing information for non-backbone areas. As all the non-backbone OSPF areas are
  interconnected logically with the backbone area, the concept of virtual link is introduced
  to ensure that logical connectivity remains between the physically divided areas.
  The Autonomous System Boundary Router (ASBR) is a router responsible for exchanging
  routing information with other ASs and distributing external routes among the ASs.
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the Ethernet link aggregation.
12.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the Ethernet link aggregation.
12.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
12.3 Principle
This section describes the operating principles of the Ethernet link aggregation.
12.4 Implementation
This section describes the implementation of the Ethernet link aggregation.
12.5 Reference
This section describes the references on the Ethernet link aggregation.
12.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the Ethernet link aggregation.
Definition
Ethernet link aggregation refers to aggregation of multiple Ethernet ports together to form a port
to provide higher bandwidth and link security.
IEEE 802.3ad is a standard concerning Ethernet link aggregation. The Link Aggregation Control
Protocol (LACP) based on IEEE802.3ad is a protocol for realizing link aggregation. Using the
LACP, the Ethernet ports of different devices can be automatically aggregated without
interventions from the user, and the link layer failure of the ports can be detected to implement
link aggregation control.
Purpose
Link aggregation is used to increase the bandwidth and implement load sharing according
to certain strategies. This guarantees reliability and security.
Specification
Limitation
The Ethernet link aggregation of the MA5600 has the following limitations:
• Only the ports of the same type (including port attribute, operating mode, and rate) can be
  aggregated together to form a LAG.
• The LAG of an SCU board contains the ports of this SCU board.
• Dynamic link aggregation is not supported.
Glossary
Table 12-1 Glossary of technical terms concerning the Ethernet link aggregation
Glossary Definition
Manual link aggregation In manual link aggregation mode, a user manually creates a link
aggregation group (LAG), adds or deletes the member ports
without running the LACP. All the member ports in the LAG have
two physical states: down and up.
Table 12-2 Acronyms and abbreviations concerning the Ethernet link aggregation
Acronym Full Expansion
12.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The SCUB/SCUK control board and SCUB/SCUK Ethernet subtending board support the
Ethernet link aggregation.
12.3 Principle
This section describes the operating principles of the Ethernet link aggregation.
According to the link aggregation configuration methods, the Ethernet link aggregation includes:
• Manual link aggregation
• Static link aggregation
• Dynamic link aggregation
The MA5600 supports only the manual link aggregation configuration. The LACP protocol is
not supported in manual link aggregation. The following details the principles of the manual
link aggregation configuration.
Figure 12-1 shows the manual link aggregation principles.
[Figure 12-1 labels: MA5600, SCU, SCU, Aggregation, Switch]
Two ports of the MA5600 are aggregated together to form an aggregation group. The peer device
adds the two ports into the aggregation group.
If the two ports of the MA5600 are in the normal state, the traffic between the MA5600 and the
peer device is shared by the two links according to the source MAC address or the combination
of the source MAC address and the destination MAC address. However, if a port of the
MA5600 fails or the corresponding link fails, the control board of the MA5600 will not distribute
the traffic to the faulty port.
12.4 Implementation
This section describes the implementation of the Ethernet link aggregation.
The feature of Ethernet link aggregation takes effect automatically. For details of the Ethernet
link aggregation configuration, refer to "Device Subtending Configuration" in the MA5600
Configuration Guide.
12.5 Reference
This section describes the references on the Ethernet link aggregation.
The following lists the references on the Ethernet link aggregation:
• IEEE 802.3ad Link Aggregation
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
13 ATM Subtending
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the ATM subtending.
13.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ATM subtending feature.
13.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
13.3 Principle
This section describes the operating principles of ATM subtending.
13.4 Implementation
This section describes the implementation of ATM subtending.
13.5 Reference
This section describes the references on ATM subtending.
13.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the ATM subtending feature.
Definition
ATM subtending refers to a subtended configuration in which the IP DSLAM is subtended with
the existing ATM DSLAMs in several tiers through its ATM ports, such as STM-1 ports.
Purpose
Currently the ATM network has come to a standstill. In the future, the MAN construction will
be based on IP. The legacy ATM network is gradually shifting to the IP MAN, and IP DSLAMs
have become the mainstream of the DSLAMs.
To save the operators' resources, one solution is to add ATM ports on the IP DSLAM to subtend
with the existing ATM DSLAMs.
Specification
The MA5600 supports the following ATM subtending specifications:
• Supports PVC switching.
• Supports PPPoE+ and DHCP Option82.
• Supports QinQ and VLAN stacking.
• Supports uplink through the Smart VLAN and MUX VLAN.
• Supports CAR in the downstream direction of the PVC at a granularity of 64 kbit/s.
• Each AIU board supports up to four STM-1 ports or eight IMA E1 ports.
Limitation
The ATM subtending feature of the MA5600 has the following limitations:
• The MA5600 does not support VP switching.
• The MA5600 does not support configuration of PVP.
• The MA5600 is not subtended with ATM DSLAMs that provide services with strict clock requirements (such as CES and FR).
• The subtended DSLAMs do not support multicast service.
• The subtended DSLAMs do not support single-PVC for multiple services.
Glossary
VP Virtual path
13.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The AIUG board supports the ATM subtending.
13.3 Principle
This section describes the operating principles of ATM subtending.
Figure 13-1 ATM subtending network for upstream transmission through Ethernet
[Figure labels: BRAS, Ethernet MAN, GE/FE, MA5600, ADSL2+, STM-1, ATM DSLAM, Modem]
Figure 13-2 shows an ATM subtending network for upstream transmission through a private
line.
Figure 13-2 ATM subtending network for upstream transmission through a private line
[Figure labels: ATM BRAS, Ethernet MAN, ATM, PWE3, GE/FE, MA5600, ADSL2+, STM-1, ATM DSLAM, Modem]
As shown in Figure 13-2, the IP DSLAM sets up a PWE3 private line for the ATM cells sent
from the ATM DSLAM. The ATM cells are encapsulated into PWE3 packets, and then sent to
the ATM BRAS at the peer end through the Ethernet MAN.
• In the upstream direction (from the ATM DSLAM to the IP DSLAM)
  1. The IP DSLAM recovers the ATM cells (such as STM-1 cells) received from the ATM
     DSLAM into an ATM cell stream. If the interface between the ATM DSLAM and the IP
     DSLAM is an IMA E1 port, the IP DSLAM also performs deframing on the IMA E1 frames.
  2. The IP DSLAM encapsulates the ATM cells into PWE3 packets, and then encapsulates
     the PWE3 packets into Ethernet packets.
  3. The Ethernet packets are sent to the ATM BRAS at the peer end over the Ethernet
     MAN through the Ethernet uplink port on the IP DSLAM.
• In the downstream direction (from the IP DSLAM to the ATM DSLAM)
  1. After receiving the Ethernet packets from the Ethernet MAN, the IP DSLAM recovers
     the PWE3 packets from them, and then the ATM cell stream.
  2. The ATM cell stream is encapsulated into ATM frames (such as STM-1 frames).
  3. The ATM frames are sent to the ATM DSLAM through the ATM port (such as an STM-1
     port).
13.4 Implementation
This section describes the implementation of ATM subtending.
13.5 Reference
This section describes the references on ATM subtending.
The following lists the references on ATM subtending:
• ITU-T I.363.5, AAL5 Service Adaptation Protocol
• ITU-T I.361, B-ISDN ATM layer specification
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
14 MPLS
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the MPLS.
14.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS.
Definition
Multiprotocol label switching (MPLS) was introduced to improve the forwarding speed.
However, because of its excellent performance in traffic engineering (TE) and virtual private
network (VPN), which are the two critical technologies in the present IP network, MPLS is
becoming an important standard for extending the IP network.
The basic functions of MPLS include the MPLS Label Distribution Protocol (LDP) and the label
switched path (LSP) management function.
• LDP is a standard MPLS label distribution protocol defined by the IETF. It is responsible
  for Forwarding Equivalence Class (FEC) classification, label distribution, as well as
  establishment and maintenance of LDP sessions.
• The LSP management function enables unified management and maintenance of LSPs
  created by various label distribution protocols and implements the function of delivering
  the hardware forwarding module.
• Protocols specially defined for label distribution, such as LDP and Constraint-Based
  Routing using LDP (CR-LDP)
• Extended protocols that can support label distribution, such as Border Gateway Protocol
  (BGP) and Resource Reservation Protocol (RSVP)
The MA5600 supports LDP, RSVP, and manually configured static LSPs. It does not support
CR-LDP or BGP.
Purpose
The basic functions of MPLS are the foundation of MPLS PWE3.
Specification
The MA5600 supports the following MPLS specifications:
• Downstream unsolicited (DU) label distribution
• Ordered label control mode
• Liberal label retention mode
• Penultimate hop popping
• Working as an LER
• 1024 LDP LSPs
• 256 static LSPs
• 8 local LDP peers
• 32 remote LDP peers
• MPLS label range: 8192-16383
Limitation
The MA5600 MPLS has the following limitations:
• The MA5600 does not work as an LSR.
• The MA5600 does not support MPLS forwarding according to an FEC that is based on
  the IP address of a user.
• The MPLS VLAN must be a standard VLAN.
Glossary
Label switching router (LSR): An LSR is a basic element of an MPLS network. All LSRs support MPLS.
  • An LSR consists of a control plane and a forwarding plane.
  • The control plane allocates labels, selects routes, creates the label-forwarding
    information base, and sets up or deletes an LSP.
  • The forwarding plane forwards the received packets according to the entries in the
    label-forwarding base.
Label switching edge router (LER): An LER is responsible for traffic classification, label
  mapping (Ingress), and label deletion. At the edge of an MPLS network, an LER (Ingress LER)
  classifies the traffic which is transmitted to the MPLS network into different FECs, and
  requests labels for these FECs.
Label Switched Path (LSP): An LSP refers to the path along which an FEC travels in an MPLS
  network. The LSP functions as a unidirectional path from the ingress to the egress, similar
  to the virtual circuit of the ATM or frame relay (FR).
Label Distribution Protocol (LDP): LDP is the control protocol of MPLS. It is similar to the
  signaling protocol in a traditional network. LDP is responsible for FEC classification,
  label distribution, LSP establishment and maintenance.
TE: Traffic engineering
14.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
To support MPLS, an MPLS subboard must be configured.
14.1.3 Principle
This section describes the operating principles of MPLS.
Figure 14-1 shows the MPLS network structure.
[Figure 14-1 MPLS network structure; surviving figure label: Egress]
1. Enable MPLS and LDP on all the routers in the network, and enable LDP on the
interconnected ports.
2. LDP establishes an LDP session between two routers that carries the LDP protocol packets.
3. LDP, together with traditional routing protocols such as OSPF and RIP, establishes LSPs
for requesting FECs in each LSR.
4. LDP does not have to be enabled to establish static LSPs. For static LSPs, configure FECs,
incoming labels and outgoing labels on each MPLS router along the static LSPs.
14.1.4 Implementation
This section describes the implementation of MPLS.
The MPLS feature takes effect automatically.
For details of the MPLS configuration, refer to "MPLS Access Configuration" in the
MA5600 Configuration Guide.
14.1.5 Reference
This section describes the references on MPLS.
The following lists the references on MPLS:
14.2.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of MPLS PWE3.
Definition
Pseudo wire emulation edge-to-edge (PWE3) is an end-to-end L2 technology for bearing service
traffic. It is a point-to-point L2VPN.
The MA5600 supports MPLS PWE3 in which LDP is used as the signaling protocol to implement
the following functions:
• ATM emulation
• Ethernet emulation
• ATM or Ethernet leased line
Purpose
MPLS PWE3 provides the following functions:
• ATM emulation
• Ethernet emulation
• Emulation leased line solution in an IP network
Specification
The MA5600 supports the following MPLS PWE3 specifications:
• Establishment of static pseudo wire (PW)
• Establishment of dynamic PW
• Support of one-hop PW
• Support of U-PE
• Dynamic PW supporting LDP
• ATM Nto1, ATM SDU, and ETHERNET TAGGED PW
• Mapping from user PVC and VLAN priorities to the EXP fields of MPLS labels
• Priority scheduling based on the EXP field
• Working as a provider edge (PE)
• 896 static PWs
• 2048 dynamic PWs
• 256 PW profiles
Limitation
The MA5600 MPLS PWE3 has the following limitations:
• The MA5600 does not work as an S-PW.
• The MA5600 does not work as a device on the P (provider) node.
Glossary
Glossary: Definition
PW: The path for the AC service to enter a PE, exit from another PE, and enter another AC
  can be a point-to-point connection from one PE to another PE, or a point-to-multipoint
  connection.
PWE3: A general term for the whole service from a CE to the peer CE through the PSN. The
  transmission media can be the same or different. The end-to-end management can be
  implemented.
PW: Pseudo wire
AC: Attachment circuit
PE: Provider edge
CE: Customer edge
14.2.2 Principle
This section describes the operating principles of MPLS PWE3.
As a PE, the MA5600 establishes the MPLS PW tunnel, encapsulates user data (ATM cells or
Ethernet frames) at the transmit end with two layers of MPLS labels, and sends them to the
MPLS backbone network. At the receive end, the received MPLS packets are decapsulated to
the original packets and then sent to the users.
The MA5600 classifies ATM cells into different ATM PWs according to the VPI/VCI of the
ATM PVC, and classifies Ethernet frames into different Ethernet PWs according to the VLAN.
The packets are encapsulated with the incoming label of the PW and the outgoing label of the
external LSP as well as the public Ethernet header, and then transmitted from the corresponding
upstream port. That is, PWs are transmitted. This task is performed by the MPLS forwarding
module of the MA5600.
For a user, this is an ATM switching network or an Ethernet L2 switching network regardless
of the backbone network.
Figure 14-3, Figure 14-4 and Figure 14-5 show the packet encapsulation modes of three types
of PWs.
14.2.3 Implementation
This section describes the implementation of MPLS PWE3.
The MPLS PWE3 feature takes effect automatically.
For details of the MPLS PWE3 configuration, refer to "MPLS Access Configuration" in the
MA5600 Configuration Guide.
14.2.4 Reference
This section describes the references on MPLS PWE3.
The following lists the references on MPLS PWE3:
• draft-ietf-pwe3-requirements-08, Requirements for Pseudo-Wire Emulation Edge-to-Edge (PWE3)
• draft-ietf-pwe3-control-protocol-12, Pseudowire Setup and Maintenance using LDP
• draft-ietf-pwe3-arch-07, PWE3 Architecture
• draft-ietf-pwe3-ethernet-encap-08, Encapsulation Methods for Transport of Ethernet Frames Over IP/MPLS Networks
• draft-ietf-pwe3-atm-encap-07, Encapsulation Methods for Transport of ATM Over MPLS Networks
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
15 System Security
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of system security.
15.1.1 Introduction
This section describes the definition, purpose, specification, as well as acronyms and
abbreviations of system security.
Definition
The MA5600 supports security settings that protect against attacks launched from the network
against the MA5600 itself and against attacks launched by users in the network. The MA5600
supports the following security features:
• Anti-denial of service (DoS) attack
• Anti-ICMP/IP attack
• Source route filtering
• MAC address filtering
• Firewall black list
• Firewall
• Configuration of acceptable/refused address segments
Purpose
Figure 15-1 shows the system security application model of the MA5600.
[Figure 15-1 System security application model; figure labels: Carrier network, RG, MAN, DSLAM, Network device, Broadband user, Remote user]
This chapter describes how the MA5600 protects itself from attacks initiated by a user. Some
features (such as the firewall feature) of the MA5600 can also prevent a remote user from
attacking the system.
In addition, the MA5600 protects the network equipment from attacks. This guarantees the
security of the carrier's network.
Specification
Glossary
15.1.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.1.3 Principle
This section describes the principles of system security features.
• Anti-DoS attack
  The MA5600 detects and controls the number of packets sent from a user to the CPU of
  the main control board. This avoids attacks on the CPU caused by an excessively large
  number of packets.
• Anti-ICMP/IP attack
  The MA5600 identifies and discards the ICMP/IP packets whose destination IP address
  is the IP address of the MA5600.
• Source route filtering
  The MA5600 identifies and discards the IP packets with specified source route options.
• MAC address filtering
  The MA5600 identifies and discards the packets with the specified source MAC addresses.
• Firewall black list
  The MA5600 filters the service packets whose source IP addresses are in the firewall
  black list.
• Firewall
  The MA5600 filters data packets based on the ACL rule. This prevents unauthorized users
  from accessing the MA5600.
• Configuration of acceptable/refused address segments
  The MA5600 checks if the IP address of a login user is in the acceptable address segments.
  This prevents users of unauthorized address segments from accessing the MA5600.
15.1.4 Implementation
This section describes how to activate, modify and deactivate the system security features.
The system security feature automatically takes effect. For details of the system security
configuration, refer to "System Security Configuration" in the MA5600 Configuration
Guide.
15.1.5 Reference
This section describes the references on system security.
The following lists the references on system security:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
15.2.1 Introduction
This section describes the definition, purpose, specification and limitation of the anti-DoS attack
feature.
Definition
Anti-DoS attack means defensive measures taken by the MA5600 to control and limit the number
of control packets from a user.
A DoS attack occurs when users send an excessively large number of control packets purposely
to the system to overload it.
Purpose
A DoS attack:
• Endangers the normal operation of the access system
• Prevents the DSLAM from receiving normal service requests from the legal users
• Suspends the system
To protect the MA5600, you can enable the MA5600 to limit the number of control packets from
a user. In this way, the MA5600 discards excessive packets.
For a user initiating DoS attacks, the MA5600 adds the user to the firewall black list and stops
receiving control packets from the user.
For a user in the firewall black list, the administrator can force the user to get offline.
Specification
The MA5600 supports the following anti-DoS attack specifications:
Limitation
For the xDSL board, the MA5600 detects if a DoS attack occurs on a physical port.
15.2.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.2.3 Principle
This section describes the principles of the anti-DoS attack feature.
15.2.4 Implementation
This section describes how to activate, modify and deactivate the anti-DoS attack feature.
For details of the anti-DoS attack feature, refer to "System Security Configuration" in the
MA5600 Configuration Guide.
15.3.1 Introduction
This section describes the definition, purpose and specification of the anti-ICMP/IP attack
feature.
Definition
Anti-ICMP/IP attack refers to the capability of the MA5600 to discard malicious ICMP/IP
packets.
ICMP/IP attack means a malicious user sends ICMP/IP packets whose destination IP address is
the IP address of the MA5600 itself. The packets affect the system performance.
Purpose
The packets from a normal user do not use the IP address of an MA5600 as their destination IP
address. A malicious user, however, might attack the MA5600 by sending ICMP/IP packets with
the destination IP address the same as the IP address of the MA5600.
Anti-ICMP/IP attack means the MA5600 identifies and discards the ICMP/IP packets whose
destination IP address is the IP address of the MA5600.
Specification
None
15.3.2 Principle
This section describes the principles of the anti-ICMP/IP attack feature.
If the destination IP address of the ICMP/IP packets from a user is the IP address of the
MA5600, the MA5600 discards the packets.
15.4.1 Introduction
This section describes the definition, purpose and specification of the source route filtering
feature.
Definition
An IP packet with the source route option specifies the transmission path of the packet. For
example, if you want an IP packet to pass through three routers, R1, R2 and R3, then you can
specify the interface addresses of these three routers in the source route option. In this way, the
IP packet passes through these three routers in turn regardless of what the routing tables on the
three routers are.
During the transmission, the source and destination addresses of such an IP packet change
continuously. In this case, by setting the source route option properly, an attacker can forge some
valid IP addresses to access the network deceitfully.
When the source route filtering feature is enabled, the MA5600 can drop such an IP packet.
Purpose
Source route filtering means dropping the IP packet with the source route option. This protects
the carrier's network from attacks initiated by a malicious user by sending forged IP packets.
Specification
None
15.4.2 Principle
This section describes the principle of the source route filtering feature.
With the source route filtering feature enabled, the MA5600 discards the IP packets with the
source route option.
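The drop decision described above, as an added example (not Huawei's code and not taken from the MA5600 documentation): a Python check that walks the options of an IPv4 header and drops the packet when a loose or strict source route option is present. The option numbers come from RFC 791; the sample headers are constructed, and dropping headers whose options cannot be parsed is an assumption of this example.

```python
import struct

# IPv4 option types that request source routing (RFC 791).
LSRR = 0x83  # Loose Source and Record Route (131)
SSRR = 0x89  # Strict Source and Record Route (137)
EOL, NOP = 0x00, 0x01  # single-byte options without a length field


class MalformedHeader(ValueError):
    """Raised when the header or its option list cannot be parsed."""


def ipv4_options(packet: bytes):
    """Yield (option_type, option_data) for each option in an IPv4 header."""
    if len(packet) < 20:
        raise MalformedHeader("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise MalformedHeader("not IPv4, or IHL below 5")
    header_len = ihl * 4
    if len(packet) < header_len:
        raise MalformedHeader("header truncated")
    opts = packet[20:header_len]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:          # end of option list: the rest is padding
            return
        if kind == NOP:          # one-byte filler between options
            i += 1
            continue
        if i + 1 >= len(opts):
            raise MalformedHeader("option without a length byte")
        length = opts[i + 1]     # length covers type, length and data bytes
        if length < 2 or i + length > len(opts):
            raise MalformedHeader("option length out of range")
        yield kind, opts[i + 2:i + length]
        i += length


def source_route_verdict(packet: bytes) -> str:
    """Return 'drop' for source-routed or unparseable headers, else 'forward'."""
    try:
        for kind, _data in ipv4_options(packet):
            if kind in (LSRR, SSRR):
                return "drop"
    except MalformedHeader:
        return "drop"            # assumption of this example: fail closed
    return "forward"


def build_ipv4(options: bytes = b"") -> bytes:
    """Constructed sample header; the checksum is left at 0 (not parsed here)."""
    if len(options) % 4:
        options += bytes(4 - len(options) % 4)   # pad with EOL to a 32-bit boundary
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0, 0,
                        64, 17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return fixed + options


# Constructed samples: the route list names three hops, like R1, R2, R3 above.
HOPS = bytes([192, 0, 2, 1, 192, 0, 2, 2, 192, 0, 2, 3])
PLAIN = build_ipv4()
LOOSE = build_ipv4(bytes([LSRR, 15, 4]) + HOPS)
STRICT_AFTER_NOP = build_ipv4(bytes([NOP, SSRR, 7, 4, 192, 0, 2, 1]))
RECORD_ROUTE = build_ipv4(bytes([NOP, 7, 7, 4, 0, 0, 0, 0]))   # option 7, not source routing
BAD_LENGTH = build_ipv4(bytes([7, 40, 4, 0]))                  # length overruns the header

if __name__ == "__main__":
    for name in ("PLAIN", "LOOSE", "STRICT_AFTER_NOP", "RECORD_ROUTE", "BAD_LENGTH"):
        print(name, source_route_verdict(globals()[name]))
```

The parser skips NOP padding and stops at EOL, so a source route option placed after filler bytes is still found, while the record route option alone is forwarded.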
15.5.1 Introduction
This section describes the definition, purpose, specification and limitation of the MAC address
filtering feature.
Definition
MAC address filtering means that the MA5600 checks the source MAC address of user packets.
The source MAC address cannot be the MAC address of the network equipment, for example,
the 01-80-C2-00-00-0 in the MAC address of the LACP, or the 01-00-5E-00-00-09 in the MAC
address of the RIP.
Purpose
MAC address filtering is used to specify the source MAC addresses not allowed for user packets.
This is to prevent malicious users from forging the MAC address of the network equipment to
attack the carrier's network.
Specification
The MA5600 supports the filtering of four MAC addresses.
Limitation
The MAC address filtering and anti-MAC spoofing feature can be enabled at the same time. If
both are enabled, the feature of MAC address filtering has a higher priority.
15.5.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
15.5.3 Principle
This section describes the principles of the MAC address filtering feature.
The principles for implementing the MAC address filtering feature are as follows:
1. To prevent a user from forging a MAC address of the network equipment, set the MAC
address as the one to be filtered.
2. For upstream user packets, the MA5600 checks the source MAC address. If it is the same
as the specified MAC address, the MA5600 discards the packets.
15.6.1 Introduction
This section describes the definition, purpose, specification and limitation of firewall black list
feature.
Definition
A firewall black list is a list of IP addresses. The system filters the service packets whose source
IP addresses are in the firewall black list. This enhances system security and network security.
Purpose
The firewall black list is used to specify malicious users for preventing attacks on the
MA5600.
Specification
The MA5600 supports the following firewall black list specifications:
Limitation
An ACL rule is applicable when the firewall black list feature is enabled. In this case, the ACL
rule has a higher priority.
15.6.2 Principle
This section describes the principles of the firewall black list feature.
The principle for implementing the firewall black list feature is as follows:
1. For the packets with the source IP address specified in the firewall black list, the
MA5600 discards the packets.
2. For the packets that match a specified ACL rule, if the rule allows the packets to pass
through, the MA5600 transmits the packets upstream even if the source IP address is in the
firewall black list. If the rule forbids the packets to pass through, the MA5600 discards the
packets.
15.7 Firewall
This section describes the feature of the firewall on the MA5600.
15.7.1 Introduction
This section describes the definition, purpose, specification and limitation of the firewall feature.
Definition
The firewall feature enables the MA5600 to filter data packets based on an ACL rule. This
prevents unauthorized users from accessing the MA5600.
Purpose
By setting the firewall, only authorized users can maintain the MA5600 through its maintenance
network port (outband) or service channel (inband).
An unauthorized user might access an MA5600 through its maintenance network port (outband)
or service channel (inband) to configure the MA5600 illegally. This affects the operation of the
MA5600 and the carrier's network.
Specification
The MA5600 supports the following firewall specifications:
• The firewall feature can be enabled on the maintenance network port and every VLAN
  interface.
Limitation
The MA5600 firewall has the following limitations:
• The firewall feature enables the MA5600 to filter data packets based on ACL rules,
  provided that the rules exist. If the rules do not exist, the MA5600 transmits or discards the
  packets according to the default rule.
• Each ACL rule applied to the firewall must be a basic ACL rule or an advanced ACL rule.
15.7.2 Principle
This section describes the principles of the firewall feature.
1. If the firewall feature is enabled, when a user logs in to the MA5600 through its maintenance
network port or a service channel, the MA5600 judges whether the user is allowed to access
the system according to the configured ACL rules. If the user packets do not match the
ACL rules, the MA5600 discards the packets.
2. An ACL rule specifies a group of IP addresses, protocol types, or ports allowed or forbidden
to access the system.
15.8.1 Introduction
This section describes the definition, purpose, specification and limitation of the address segment
configuration feature.
Definition
Purpose
The MA5600 prevents the users of illegal IP address segments from logging in to the system,
and thus the system security is guaranteed to an extent.
Specification
The MA5600 supports login through the Telnet, SSH and SNMP protocols. For each type of the
firewall, the MA5600 supports the configuration of acceptable/refused IP address segments.
For each type of firewall, you can configure up to 10 acceptable IP address segments and 10
refused IP address segments.
Limitation
The first address of a new address segment cannot be the same as that of an existing address
segment.
15.8.2 Principle
This section describes the principles of the address segment configuration feature.
When a user logs in to the system through Telnet, SSH or SNMP, the system checks if the IP
address of the user is in the acceptable IP address segments. If yes, the user can log in
successfully.
16 User Security
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of user security.
16.1 PITP
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the PITP.
16.1.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of the PITP.
Definition
The Policy Information Transfer Protocol (PITP) is a protocol for transferring the policy
information between the access equipment and the BRAS in the layer-2 P2P communication
mode. PITP is used to transfer the information on a user's access location. PITP, namely, relay
agent information option (RAIO), involves:
• V mode
  In this mode, the BRAS initiates the query of a user's port information from the MA5600.
• P mode
  In this mode, the MA5600 adds a user's port information to the PPPoE discovery packet
  for the BRAS to authenticate the user.
Purpose
For the MA5600, PITP provides the upper layer authentication server (such as BRAS) with the
information about the ports of users. After the BRAS obtains the port information, it
authenticates the binding of the user account with the access port to avoid theft and roaming of
user accounts.
Specification
PITP supports V mode and P mode.
PITP takes effect only when it is enabled in all the following levels:
• Global level
• Port level
Limitation
• Only one PITP mode can be enabled at a time.
• The V mode protocol type cannot be the standard Ethernet protocol type.
• The V mode Ethernet protocol type cannot be configured in the PITP V mode. To modify
  the default V mode protocol type, disable V mode first.
Glossary
None
16.1.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting PITP.
16.1.3 Principle
This section describes the principles of the PITP.
Implementation of V Mode
Figure 16-1 shows the PPPoE dialup process in PITP V mode.
[Figure 16-1 PPPoE dialup process in PITP V mode. Stage labels: Discovery, Session. Step labels: 1 PADI; 2 PADO; 3 PADR; 4 PADS; 7 LCP negotiation; 8 Authentication packet; 9 Request packet with the user port information; 10 Access accepted packet; 11 Authentication pass packet; 12 Data transmission]
[V mode packet format diagram, 32 bits per row. Surviving field labels, in order: Version, Reserve, Session ID, Src Addr, Dst Addr]
The Ethernet protocol type of a V mode packet is configurable. By default, it is 0x8200. Table
16-2 describes each field in a V mode packet.
Field: Description
User Info LEN: Length of the user information (one byte). It is:
  • Invalid for a request packet.
  • The length of the character string of the user port information for a response packet.
    The length is changeable, and the character string concerns the information on a user's
    access location, namely, the RAIO information.
  The format varies with different modes. For details, refer to "16.3 RAIO."
Implementation of P Mode
Figure 16-3 shows the PPPoE dialup process in PITP P mode.
[Figure 16-3 PPPoE dialup process in PITP P mode. Stage label: Session. Step labels: 1 PADI / PADI+Tag; 5 LCP negotiation; 6 Authentication packet; 7 Request packet with the user port information; 8 Access accepted packet; 9 Authentication pass packet; 10 Data transmission]
In PITP P mode, the MA5600 adds the information on a user's access location into PPPoE
discovery packets for user authentication at the upper layer server.
PPPoE dialup with P mode enabled differs from PPPoE dialup with P mode disabled as follows:
• At the PPPoE discovery stage, the PPPoE packets sent between the MA5600 and the BRAS
  contain the information on a user's access location. The MA5600 receives the PPPoE
  packets from a user and adds the access location information into the packets. After that,
  the MA5600 forwards the packets to the BRAS. Upon receiving the PPPoE packets
  containing the access location information from the BRAS, the MA5600 extracts the
  information and then forwards the packets to the user.
  NOTE
  The packets from the BRAS do not necessarily contain the information on a user's access
  location.
• If the PPPoE user needs to be authenticated on the RADIUS server, the BRAS extracts the
  access location information from the PPPoE packets from the MA5600 and then adds the
  information into the authentication request packets for authentication.
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  VER  | TYPE  |     CODE      |          SESSION_ID           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|            LENGTH             |           PAYLOAD             ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          TAG_TYPE             |        TAG_LENGTH             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          TAG_VALUE ...                                        ~
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Field: Description
VER: It is 1.
TYPE: It is 1.
Code: This field indicates the packet type at the PPPoE discovery stage. The correlation
  between this field and the packet type is as follows:
  • PADI: 0x09
  • PADO: 0x07
  • PADR: 0x19
  • PADS: 0x65
  • PADT: 0xa7
SessionID: The session ID is obtained through the negotiation between the user and the BRAS.
Figure 16-6 shows the format of the vendor tag (P mode tag) specified by the forum.
The MA5600 supports the vendor tags in different formats. For details, refer to "16.3 RAIO."
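The discovery-stage handling described above, as an added Python example (not code from the MA5600 or from Huawei): it parses the PPPoE header and the TAG_TYPE/TAG_LENGTH/TAG_VALUE list with bounds checks, adds a location tag upstream and removes it downstream. Assumptions: the tag uses the RFC 2516 Vendor-Specific type 0x0105, the tag value is an opaque constructed placeholder rather than the Figure 16-6 format, "extracts" is read as removal, and a tag of that type already present in the user's packet is replaced.

```python
import struct

# Code values from the field table above.
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
# Assumption: the location tag travels as the RFC 2516 Vendor-Specific tag.
TAG_VENDOR_SPECIFIC = 0x0105


class PPPoEError(ValueError):
    """Raised for any discovery packet that is not well formed."""


def parse_discovery(frame):
    """Parse the PPPoE part of a discovery frame (bytes after the Ethernet header).

    Returns (code, session_id, [(tag_type, tag_value), ...]).
    """
    if len(frame) < 6:
        raise PPPoEError("truncated PPPoE header")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[:6])
    if ver_type != 0x11:
        raise PPPoEError("VER and TYPE must both be 1")
    if code not in CODES:
        raise PPPoEError("unknown discovery code 0x%02x" % code)
    if length > len(frame) - 6:
        raise PPPoEError("LENGTH exceeds the bytes received")
    payload = frame[6:6 + length]  # bytes past LENGTH are Ethernet padding
    tags, off = [], 0
    while off < len(payload):
        if len(payload) - off < 4:
            raise PPPoEError("truncated tag header")
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if tag_len > len(payload) - off:
            raise PPPoEError("TAG_LENGTH overruns the payload")
        tags.append((tag_type, payload[off:off + tag_len]))
        off += tag_len
    return code, session_id, tags


def build_discovery(code, session_id, tags):
    """Serialize a discovery packet and recompute LENGTH from the tag list."""
    body = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    return struct.pack("!BBHH", 0x11, code, session_id, len(body)) + body


def add_location_tag(frame, location):
    """Upstream (user to BRAS): append the access node's location tag.

    Assumption: a tag of the same type sent by the user is dropped first, so
    the value the BRAS sees always comes from the access node.
    """
    code, session_id, tags = parse_discovery(frame)
    kept = [(t, v) for t, v in tags if t != TAG_VENDOR_SPECIFIC]
    kept.append((TAG_VENDOR_SPECIFIC, location))
    return build_discovery(code, session_id, kept)


def strip_location_tag(frame):
    """Downstream (BRAS to user): remove the location tag if the BRAS sent one."""
    code, session_id, tags = parse_discovery(frame)
    kept = [(t, v) for t, v in tags if t != TAG_VENDOR_SPECIFIC]
    return build_discovery(code, session_id, kept)


# Constructed sample: a PADI with an empty Service-Name (0x0101) and a Host-Uniq (0x0103).
SAMPLE_PADI = build_discovery(0x09, 0, [(0x0101, b""), (0x0103, b"\xde\xad")])

if __name__ == "__main__":
    upstream = add_location_tag(SAMPLE_PADI, b"constructed-location")
    code, _, tags = parse_discovery(upstream)
    print(CODES[code], [(hex(t), v) for t, v in tags])
    print(strip_location_tag(upstream) == SAMPLE_PADI)
```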
16.1.4 Implementation
This section describes the implementation of the PITP.
For details of the PITP configuration, refer to "User Security Configuration" in the MA5600
Configuration Guide.
16.1.5 Reference
This section describes the references on the PITP.
16.2.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the DHCP Option82.
Definition
DHCP Option82 is similar to P mode. The information on a user's access location is added into
the DHCP request packets initiated by a user for user authentication.
Purpose
DHCP Option82 enables the DHCP request packets to carry the information on a user's access
location for user authentication.
Specification
DHCP Option82 takes effect only when it is enabled at all the following levels:
• Global level
• Port level
• Service port level
Glossary
None
16.2.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
16.2.3 Principle
This section describes the principles of the DHCP Option82.
Principle
Figure 16-7 shows the DHCP process when DHCP Option82 is enabled.
[Figure 16-7: DHCP process with DHCP Option82 enabled. Surviving message labels: Offer(+Option82), Offer, Request, Request+Option82, ACK(+Option82), ACK, Data transmission, Release.]
The principle of DHCP Option82 is similar to that of P mode. The difference is that when
a user requests configuration, the MA5600 adds the information on the user's access location
into the DHCP request packets from the user for authentication at the upper layer.
Field                     Description
Code                      One byte. This field is in the CLV format, used to uniquely
                          identify the following information.
Len                       One byte. This field indicates the length of the following
                          information.
Agent Information Field   This field indicates the information in bytes. The length is
                          specified by the length field.
Option82 contains multiple sub options, which are contained in the value field of Option82.
The MA5600 supports Option82 in different formats. For details, refer to "16.3 RAIO."
16.2.4 Implementation
This section describes the implementation of the DHCP Option82.
For details of the DHCP Option82 configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.
16.2.5 Reference
This section describes the references on the DHCP Option82.
16.3 RAIO
This section describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the RAIO.
16.3.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the RAIO.
Definition
When PITP and DHCP Option82 are enabled, RAIO refers to the information on a
user's access location provided by the MA5600 in the VBAS response packet, PPPoE discovery
packet and DHCP Option82 packet for the BRAS to authenticate a user.
Purpose
RAIO indicates the access location of a user, which is provided by the MA5600 to the BRAS,
and based on which the BRAS authenticates the user.
Specification
RAIO contains the PITP tag and DHCP Option82 tag. Because RAIO has not been standardized yet,
the formats required by different carriers vary. Hence, multiple RAIO modes are provided to
meet different carriers' needs.
The RAIO modes are:
• common
• port-userlabel
• service-port-userlabel
The default mode is common.
Glossary
None
16.3.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting RAIO.
16.3.3 Principle
This section describes the principles of the RAIO.
The following describes the RAIO modes, and the fields of each mode.
Common
• CID: In general, this field is used to identify the attributes of a device (global information).
The format varies with the access mode. Table 16-7 shows the CID formats in various
access modes.
Access mode       CID format
ATM port          Device name atm shelf No./slot No./sub slot No./port No.: vpi.vci
VDSL/LAN access   Device name eth shelf No./Slot No./Sub Slot No./Port No.: User's VLAN ID
If the device name field is the default name MA5600, the MAC address of the
MA5600 is entered in this field. The format is 00E0FC000001 in upper case.
If the device name is not MA5600, the actual name of the device is used to fill the device
name field.
• RID: In general, this field is used to identify the access information of a user (local
information). The format can be customized. For the MA5600, this field is null, which
means the RID sub option contains only the Code and Len fields.
In this mode, a field for the upstream/downstream ADSL activation rate is added at the end of
the CID default format. Currently, only the ADSL2+ board supports this mode.
Port-userlabel
In this mode, the CID field carries a customized description of a user's access location, besides
the description contained in common mode. The RID field also needs to carry the customized
description (Label), the length of which is up to 32 bytes.
Service-port-userlabel
The CID field supports ATM/ETH access. The RID field carries the information on a user's
flow.
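How a BRAS-side or RADIUS-side check could read the Option82 layout from 16.2.3 and the common-mode CID of Table 16-7, as an added Python example (not code from the MA5600 or from Huawei). Assumptions: CID and RID are the RFC 3046 sub options 1 and 2, the CID elements are separated by single spaces with no space after the colon, device names contain no spaces, and the sample strings are constructed.

```python
import re

OPTION82 = 82
SUB_CID, SUB_RID = 1, 2  # RFC 3046 sub-option codes: Agent Circuit ID, Agent Remote ID


class Option82Error(ValueError):
    """Raised when the option or the CID string is malformed."""


def parse_option82(opt):
    """Split one Option82 (Code, Len, Agent Information Field) into sub options."""
    if len(opt) < 2 or opt[0] != OPTION82:
        raise Option82Error("not an Option82")
    if opt[1] != len(opt) - 2:
        raise Option82Error("Len does not match the Agent Information Field")
    value, off, subs = opt[2:], 0, {}
    while off < len(value):
        if len(value) - off < 2:
            raise Option82Error("truncated sub option header")
        code, sub_len = value[off], value[off + 1]
        off += 2
        if sub_len > len(value) - off:
            raise Option82Error("sub option overruns the option")
        if code in subs:
            raise Option82Error("duplicate sub option %d" % code)
        subs[code] = value[off:off + sub_len]
        off += sub_len
    return subs


# Assumed rendering of Table 16-7: "<device> atm|eth shelf/slot/subslot/port:<tail>".
CID_RE = re.compile(
    r"(?P<device>[!-~]+) (?P<access>atm|eth) "
    r"(?P<shelf>\d+)/(?P<slot>\d+)/(?P<subslot>\d+)/(?P<port>\d+):"
    r"(?:(?P<vpi>\d+)\.(?P<vci>\d+)|(?P<vlan>\d+))",
    re.ASCII,
)


def parse_common_cid(cid):
    """Validate a common-mode CID and return its fields as a dict."""
    try:
        text = cid.decode("ascii")
    except UnicodeDecodeError:
        raise Option82Error("CID is not ASCII")
    m = CID_RE.fullmatch(text)
    if m is None:
        raise Option82Error("CID does not match the common format")
    loc = {
        "device": m["device"],
        "access": m["access"],
        # A default-named device reports its MAC as 12 upper-case hex digits.
        "device_is_mac": re.fullmatch(r"[0-9A-F]{12}", m["device"]) is not None,
    }
    for key in ("shelf", "slot", "subslot", "port"):
        loc[key] = int(m[key])
    if loc["access"] == "atm":
        if m["vpi"] is None:
            raise Option82Error("atm CID must end in vpi.vci")
        loc["vpi"], loc["vci"] = int(m["vpi"]), int(m["vci"])
        if loc["vpi"] > 4095 or loc["vci"] > 65535:
            raise Option82Error("vpi or vci out of range")
    else:
        if m["vlan"] is None:
            raise Option82Error("eth CID must end in a VLAN ID")
        loc["vlan"] = int(m["vlan"])
        if loc["vlan"] > 4095:
            raise Option82Error("VLAN ID out of range")
    return loc


def build_option82(cid, rid=b""):
    """Build a constructed sample; an empty RID leaves only its Code and Len bytes."""
    value = bytes([SUB_CID, len(cid)]) + cid + bytes([SUB_RID, len(rid)]) + rid
    return bytes([OPTION82, len(value)]) + value


def locate(opt):
    """Return the access location carried in one Option82, or raise Option82Error."""
    subs = parse_option82(opt)
    if SUB_CID not in subs:
        raise Option82Error("no CID sub option")
    loc = parse_common_cid(subs[SUB_CID])
    loc["rid"] = subs.get(SUB_RID, b"")
    return loc


if __name__ == "__main__":
    print(locate(build_option82(b"00E0FC000001 atm 0/3/0/12:0.35")))
    print(locate(build_option82(b"dslam-lab eth 0/5/0/7:1024")))
```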
16.3.4 Implementation
This section describes the implementation of the RAIO.
For details of the RAIO configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.
16.3.5 Reference
This section describes the references on the RAIO.
16.4.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the IP address binding.
Definition
IP address binding indicates the binding between an IP address and a service virtual port. The
MA5600 allows only the upstream packets with the source address the same as the one bound
to pass through.
Purpose
The IP address binding feature guarantees the authentication security and the carriers' profits.
Specification
The MA5600 supports binding of IP addresses with up to 1024 service ports. Each service port
can be bound with up to eight IP addresses.
Glossary
None
16.4.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting the IP address binding.
16.4.3 Principle
This section describes the principles of the IP address binding.
After a service port is bound with an IP address, the service forwarding module checks the source
IP address of user packets. If the address is not the same as that bound with the port, the
MA5600 discards the packets. Otherwise, the MA5600 allows the packets to pass through.
16.4.4 Implementation
This section describes the implementation of the IP address binding.
The IP address binding takes effect automatically.
For details of the IP address binding configuration, refer to "User Security Configuration" in
the MA5600 Configuration Guide.
16.4.5 Reference
This section describes the references on the IP address binding.
16.5.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the MAC address binding.
Definition
MAC address binding indicates the binding between a MAC address and a service virtual port.
Thus, only the packets with the specified MAC address can be transmitted over the network.
Purpose
The MAC address binding feature can effectively avoid illegal access.
Specification
The MA5600 supports binding of MAC addresses with up to 1024 service ports.
The MA5600 supports binding of MAC addresses with up to 1024 service virtual ports. Each
service virtual port can be bound with up to eight MAC addresses.
Glossary
None
16.5.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
No additional hardware is required for supporting the MAC address binding.
16.5.3 Principle
This section describes the principles of the MAC address binding.
To implement the binding between a MAC address and a service virtual port, do as follows:
• Set the maximum number of MAC addresses that can be learned by a service virtual port
to 0.
• Set the static MAC address of the service virtual port.
In this way, the service forwarding module does not learn the MAC address of the user packets.
In addition, if the MAC address is not the same as any of the static MAC addresses configured for
the service virtual port, the MA5600 discards the packets.
Hence, only the packets with the specified MAC address can pass through the service virtual
port.
16.5.4 Implementation
This section describes the implementation of the MAC address binding.
The MAC address binding takes effect automatically.
For details of the MAC address binding configuration, refer to "User Security
Configuration" in the MA5600 Configuration Guide.
16.5.5 Reference
This section describes the references on the MAC address binding.
The following lists the references on the MAC address binding:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
16.6.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-MAC spoofing.
Definition
MAC spoofing attack means that a malicious user forges a valid MAC address to attack a system.
If the forged MAC address is the MAC address of a valid user, the attack affects services of the
user.
If the forged MAC address is the MAC address of a system, or a large number of forged packets
of different MAC addresses are sent to the system, the attack might affect the system operation.
The system might even go down due to the attack.
Anti-MAC spoofing attack means the system takes measures to prevent a user from attacking
the system using a forged MAC address.
Purpose
To guarantee the system security and carriers' network security, the MA5600 prevents the MAC
spoofing attack in the following ways:
• For PPPoE and DHCP access users, the MA5600 disables the dynamic MAC address
learning feature, and allows only the packets of trusted MAC addresses to pass through a
port. This prevents a large number of packets of suspect MAC addresses from entering
carriers' networks.
• The MA5600 can detect and block a malicious user who forges the MAC address of an online
valid user. This guarantees that the services provisioned to all the valid users are not
affected.
Specification
The MA5600 supports the dynamic MAC address binding with up to 1024 service ports.
Each service port can be bound with up to eight MAC addresses dynamically.
Limitation
For a user with a static IP address, if the feature of anti-MAC spoofing attack is enabled, the
static MAC address must be configured manually.
Glossary
None
16.6.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
All the broadband access service boards of the MA5600 support anti-MAC spoofing.
16.6.3 Principle
This section describes the principles of the anti-MAC spoofing.
16.6.4 Implementation
This section describes the implementation of the anti-MAC spoofing.
For details of the anti-MAC spoofing configuration, refer to "User Security Configuration" in
the MA5600 Configuration Guide.
16.6.5 Reference
This section describes the references on the anti-MAC spoofing.
The following lists the references on the anti-MAC spoofing:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
16.7.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the anti-IP spoofing.
Definition
IP spoofing attack means that a malicious user forges a valid IP address to attack a system.
Anti-IP spoofing attack means the system takes measures to prevent a malicious user from
attacking the system using a forged IP address.
Purpose
To guarantee the system security and carriers' network security, the MA5600 needs to prevent
the IP spoofing attack.
For DHCP access users, the MA5600 enables the feature of anti-IP spoofing, and allows only
the packets of trusted IP addresses allocated by the DHCP server to pass through a port. This
prevents the packets of forged or suspect IP addresses from entering carriers' networks.
Specification
The MA5600 supports the dynamic binding of up to 1024 service ports with the IP addresses.
Limitation
Do not manually configure the binding between the user account and the IP address for a DHCP
user. The anti-IP spoofing feature allows the MA5600 to control the packets from the user.
For a user with a static IP address, the static IP address needs to be bound manually. In this way,
the MA5600 can control the IP address over the network.
Glossary
None
16.7.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
All the broadband access service boards of the MA5600 support anti-IP spoofing.
16.7.3 Principle
This section describes the principles of the anti-IP spoofing.
The MA5600 implements the anti-IP address spoofing in the following way:
1. With the anti-IP spoofing switch turned on, the MA5600 binds the user account with the
user's IP address according to the DHCP packets received.
2. The MA5600 discards the data packets sent before the binding.
3. If the source IP address contained in the data packets is the same as the one bound, the
MA5600 transmits the packets in the upstream direction; otherwise, the MA5600 discards the
packets.
4. When the user goes offline, the MA5600 cancels the binding between the user account and
the IP address.
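The four steps above as a small binding-table model, an added Python example (not code from the MA5600 or from Huawei). Assumptions: the binding is keyed by service port, lease expiry counts as the user going offline, static and dynamic bindings share the 1024-port limit, and the events use constructed documentation addresses.

```python
import ipaddress

MAX_BOUND_PORTS = 1024    # specification above: up to 1024 service ports
MAX_STATIC_PER_PORT = 8   # IP address binding (16.4): up to eight addresses per port


class SourceGuard:
    """Per-service-port source address check for upstream data packets."""

    def __init__(self):
        self.dynamic = {}  # service port -> (address, lease expiry time)
        self.static = {}   # service port -> set of manually bound addresses
        self.dropped = []  # (service port, source address, reason)

    def _admit(self, port):
        ports = set(self.dynamic) | set(self.static)
        if port not in ports and len(ports) >= MAX_BOUND_PORTS:
            raise RuntimeError("binding table full")

    def bind_static(self, port, ip):
        """Manual binding for a user with a static IP address."""
        self._admit(port)
        addrs = self.static.get(port, set())
        addr = ipaddress.ip_address(ip)
        if addr not in addrs and len(addrs) >= MAX_STATIC_PER_PORT:
            raise RuntimeError("too many static addresses on port %r" % port)
        self.static[port] = addrs | {addr}

    def on_dhcp_ack(self, port, yiaddr, lease_seconds, now):
        """Step 1: bind the address the DHCP server allocated to this port."""
        self._admit(port)
        self.dynamic[port] = (ipaddress.ip_address(yiaddr), now + lease_seconds)

    def on_offline(self, port):
        """Step 4: cancel the dynamic binding when the user goes offline."""
        self.dynamic.pop(port, None)

    def check_upstream(self, port, src_ip, now):
        """Steps 2 and 3: return "forward" or "drop" for one data packet."""
        src = ipaddress.ip_address(src_ip)
        if src in self.static.get(port, ()):
            return "forward"
        bound = self.dynamic.get(port)
        if bound is None:
            reason = "no binding"
        elif now >= bound[1]:
            self.on_offline(port)
            reason = "lease expired"
        elif src != bound[0]:
            reason = "source mismatch"
        else:
            return "forward"
        self.dropped.append((port, str(src), reason))
        return "drop"


# Constructed event trace: (time, kind, service port, address[, lease seconds]).
CONSTRUCTED_EVENTS = [
    (0, "data", 1, "192.0.2.10"),      # before any binding
    (1, "ack", 1, "192.0.2.10", 600),  # DHCP server allocates the address
    (2, "data", 1, "192.0.2.10"),      # matches the binding
    (3, "data", 1, "192.0.2.99"),      # forged source on the same port
    (4, "data", 2, "192.0.2.10"),      # valid address used on another port
    (5, "offline", 1),
    (6, "data", 1, "192.0.2.10"),      # binding already cancelled
]


def replay(events, guard=None):
    """Feed events to a SourceGuard and return the verdict for each data packet."""
    if guard is None:
        guard = SourceGuard()
    verdicts = []
    for now, kind, port, *rest in events:
        if kind == "ack":
            guard.on_dhcp_ack(port, rest[0], rest[1], now)
        elif kind == "offline":
            guard.on_offline(port)
        else:
            verdicts.append(guard.check_upstream(port, rest[0], now))
    return verdicts


if __name__ == "__main__":
    print(replay(CONSTRUCTED_EVENTS))
```

The `dropped` list is what a detection pipeline would consume: repeated "source mismatch" entries on one service port point at a subscriber sending forged source addresses.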
16.7.4 Implementation
This section describes the implementation of the anti-IP spoofing.
The anti-IP spoofing takes effect automatically.
For details of the anti-IP spoofing configuration, refer to "User Security Configuration" in the
MA5600 Configuration Guide.
16.7.5 Reference
This section describes the references on the anti-IP spoofing.
The following lists the references on the anti-IP spoofing:
• MA5600 Configuration Guide
17 PPPoA Access
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of PPPoA access.
17.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of PPPoA access.
Definition
Point to Point Protocol over ATM Adaptation Layer 5 (PPPoA) access is an access mode in
which users can transmit PPPoA packets to the PPPoE server, that is, the upper layer broadband
remote access server (BRAS) based on Ethernet.
The MA5600 needs to handle the PPPoA packets from users and the PPPoE packets of the PPPoE
server to support the interworking function (IWF) between PPPoA packets and PPPoE packets.
Purpose
PPPoA access is used to support the IWF between PPPoA and PPPoE for the transition from
the ATM network to the IP network.
Specification
• PPP LLC and PPP VC-MUX encapsulation modes, and auto-sensing of the two modes
• PPP MRU > 1492
• Up to 4096 PPPoA users
Glossary
None
17.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
17.3 Principle
This section describes the operating principles of PPPoA access.
[Figure: PPPoA access process. Surviving labels: State=disconnected; LCP Config-Req; PPPoE discovery stage (PADI, PADO, PADR, PADS); State=connected; PPPoE session stage (PPP packet, PPPoE (PPP packet)); PPP session terminates.]
address allocated by the MA5600 to the user, and sends the packets to the BRAS. For the
downstream packets, the process is reversed.
7. The BRAS sends the PADT packet or the PPPoA user sends the LCP configure terminate
packet to terminate the session.
17.4 Implementation
This section describes the implementation of PPPoA access.
The PPPoA access feature takes effect automatically. For details of the PPPoA access
configuration, refer to "ADSL2+ Service Configuration" in the MA5600 Configuration
Guide.
17.5 Reference
This section describes the references on PPPoA access.
The following lists the references on PPPoA access:
• IETF RFC2364: PPP Over AAL5
• IETF RFC2516: A Method for Transmitting PPP Over Ethernet (PPPoE)
• DSL Forum TR-101: Migration to Ethernet-Based DSL Aggregation
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
18 IPoA Access
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of IPoA access.
18.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of IPoA access.
Definition
IPoA access is an access mode in which:
• The IPoA packets are analyzed and the payloads of IP packets are converted into Ethernet
frames for upstream transmissions to the upper layer network.
• The downstream IPoE packets are converted into IPoA packets and then forwarded to users.
Purpose
IPoA access is usually used for leased line access for the transition from the ATM network to
the IP network.
Specification
The MA5600 supports the following IPoA specifications:
• Compliance with RFC2684 to support IPoA static users
• Compliance with RFC1577 to support IPoA dynamic users
• Up to 1024 IPoA users
• Up to 512 different user gateways
• Automatic discovery of the LLC-IP encapsulation mode
• L2 and L3 IPoA applications
Glossary
None
18.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
• The ADSL2+ and SHDSL service boards support IPoA access.
• The modem must support RFC2684 or RFC1577.
18.3 Principle
This section describes the operating principles of IPoA access.
L2 IPoA
In this scenario, the MA5600 works in L2 routing mode. The IP address of the default user
gateway is the IP address of the L3 interface of the upper layer device. The MA5600 converts
IPoA packets into IPoE packets without the L3 routing function.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.
L3 IPoA
In this scenario, the MA5600 works in L3 routing mode. The IP address of the default user
gateway is the IP address of the L3 interface of the MA5600. The MA5600 converts IPoA packets
into IPoE packets, and forwards them according to the destination IP addresses.
The user gateways of IPoA must be configured by the administrator, and multiple IPoA users
can use the same gateway.
Process
The MA5600 allocates a source MAC address for each IPoA user, and obtains the MAC address
of the user gateway through the ARP protocol. These two MAC addresses are the source and
destination MAC addresses of Ethernet frames for conversion between ATM packets and
Ethernet frames.
Figure 18-1 shows the IPoA implementation process.
18.4 Implementation
This section describes the implementation of IPoA access.
The IPoA access feature takes effect automatically. For details of the IPoA access configuration,
refer to "ADSL2+ Service Configuration" in the MA5600 Configuration Guide.
18.5 Reference
This section describes the references on IPoA access.
The following lists the references on IPoA access:
• RFC2684: Multiprotocol Encapsulation over ATM Adaptation Layer 5
• RFC1577: Classical IP and ARP over ATM
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of a subtended network configuration.
19.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of a subtended network configuration.
Definition
A subtended network configuration is a configuration in which the MA5600s are subtended in
several tiers through the FE/GE ports.
Purpose
Subtended network configurations make the networking of the MA5600s more flexible, thus
saving the upstream line resources of the access point. The remote subtended network
configurations save the convergence equipment resource and also simplify the networking.
Specification
The MA5600 supports the following subtending specifications:
• The subtending ports of the MA5600 are provided by the control board (SCU) and the
ETHA board.
• The ports provided by the SCU board can be the upstream ports or the subtending ports.
• The SCU board provides up to six ports.
• It is recommended that an RSTP subtended network include up to seven nodes.
Limitation
If two SCU boards are configured, a local subtended network configuration supports only the
optical ports.
Glossary
19.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
A subtended network configuration needs the subtending boards. The boards of the MA5600
that support subtending include the control boards SCUB/SCUK.
19.3 Principle
This section describes the operating principles of a subtended network configuration.
According to the location, the subtended network configurations supported by the MA5600
consist of the local and remote subtended network configurations.
[Figure: SCU boards connected through splitters (SPL); ports labelled Rx and Tx.]
If two SCU boards are configured, only the FE/GE optical ports subtending is supported. The
subtended network configuration is implemented through the optical splitter, as shown in Figure
19-1.
Figure 19-2 shows the local subtended network configuration in a daisy chain topology.
[Figure 19-2: local subtended network configuration in a daisy chain topology. Surviving labels: SCU, SPL, Splitter, Rx, Tx.]
The local subtended network configuration of the MA5600 is implemented through the SCU
board. Each SCU board provides six ports for the upstream transmission or subtending. The
number of subtending ports depends on the bandwidth requirements. In an active/standby
configuration, the subtended network configuration is implemented through the optical splitter.
The SCU board can provide the subtending ports for a remote subtended network configuration.
A remote subtended network configuration can be an RSTP ring network. The control board
SCU can support the RSTP ring network, as shown in Figure 19-4. In an active/standby
configuration, the subtended network configuration is implemented through the optical splitter.
Each node in the RSTP ring network can be subtended with local and remote network. The
networking mode is flexible to meet different networking requirements.
[Figure 19-4: RSTP ring network. Surviving labels: SCU, RSTP.]
19.4 Implementation
This section describes the implementation of a subtended network configuration.
The feature of a subtended network configuration takes effect automatically. For details of the
subtended network configuration, refer to "Device Subtending Configuration" in the
MA5600 Configuration Guide.
19.5 Reference
This section describes the references on a subtended network configuration.
The following lists the references on a subtended network configuration:
• IEEE 802.1w Rapid Spanning Tree
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
20 Environment Monitoring
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the environment monitoring.
20.1 Introduction
This section describes the definition, purpose, specification, glossary, as well as acronyms and
abbreviations of the environment monitoring.
Definition
Environment monitoring includes environment parameter monitoring and power supply
monitoring.
• Environment parameter monitoring refers to monitoring the environment factors that may
lead to device fault or damage. The monitoring items include temperature, humidity, door
status switch, water, smoke, main distribution frame (MDF), and door status sensor.
• Power supply monitoring refers to monitoring the power supply, including input mains,
DC power supply, rectifier unit, and batteries.
To monitor the environment, use the serial port cable to connect the monitoring serial port on
the device to the communication serial port on the device to be monitored. Users can monitor
the device status directly through the private protocols.
• You can monitor the power supply status, fan status, external batteries status, and built-in
environment monitoring status.
• For the external sensors provided, you can also monitor the functions of the sensors,
including temperature, humidity, buzzer, and cabinet LEDs.
• You can also modify the configuration as required, such as the alarm value, power supply
and battery group control parameters.
Purpose
Environment monitoring tracks the running status of the device so that faults are discovered
immediately. This makes the telecom network more stable.
Specification
• Supports monitoring the fans
• Supports monitoring the H303ESC
• Supports monitoring the H304ESC
• Supports monitoring the Power4845
Glossary
None
20.2 Availability
This section describes the hardware required for the feature, including boards and terminals.
20.3 Principle
This section describes the operating principles of the environment monitoring.
One upper layer device manages multiple lower layer devices. In this way, the MA5600
implements the environment monitoring function. The devices in upper and lower layers
communicate with each other through the master-slave protocol. Figure 20-1 shows the basic
principles of environment monitoring of the MA5600.
Here, the upper layer device is the control board of the device, and the lower layer device is the
monitoring board or monitoring shelf that monitors the environment.
The interactive method of the upper layer device and the lower layer device is as follows:
• The upper layer device manages and maintains the lower layer device.
• The upper layer device delivers the user commands to the lower layer device after analysis,
and the lower layer device performs the related operations.
• The lower layer device detects and processes the external data through its hardware
interface, and then reports the data to the upper layer device.
EMU
The device that can monitor the environment must exist. The monitoring devices are classified
into the following types:
The device, no matter whether it is independent or in other devices, is called an EMU if it can
perform environment monitoring.
A monitoring process board and a port for communicating with the host must exist on the EMU.
• H303ESC
The H302ESC supports a built-in sensor and provides a port for an extended sensor to enhance
the flexibility of environment monitoring.
The intelligent power supply can be monitored.
The battery cannot be directly monitored. You can monitor the battery by using the
extended sensor.
• H304ESC
The upgraded board for the H303ESC. It is compatible with all the functions of the
H303ESC, and can also manage the battery.
• FAN
The fan tray can perform monitoring, that is, the monitoring board is integrated in the fan
tray. The fan tray can monitor the simple built-in analog parameters and built-in digital
parameters. The port for an extended sensor is not provided. The power supply and battery
cannot be monitored.
• Power4845
The Power4845 is an embedded power supply. It supports a built-in sensor and provides a port
for an extended sensor. The Power4845 is a power supply that can monitor itself. The battery can
also be monitored.
Slave Node
The environment is monitored through the master-slave communication mode. In this case, the
lower layer device (also called slave node device) must have a unique identification code.
Otherwise, the communication in the point-to-multipoint networking or the
multipoint-to-multipoint networking fails. The unique identification code of the lower layer device is the slave
node number (also called slave node address). The identification code is determined by the
hardware, which is similar to the MAC address of the network adapter. Generally, the monitoring
board of the lower layer device provides the DIP switch to adjust other slave code numbers.
Ensure that the slave node numbers of the lower layer devices corresponding to the same upper layer
device are unique. Otherwise, the communication between the upper layer device and the
lower layer device fails.
Analog Parameter
An analog parameter is a continuous quantity, such as temperature, voltage, and current. The
analog monitoring port is used to connect to the analog sensor to monitor the analog parameter
in time.
The attributes of the analog sensor include:
• Upper alarm threshold and lower alarm threshold: They are used to judge whether the
analog parameter generates an alarm. If the analog parameter meets the following
requirement, the system works in the normal state.
Lower alarm threshold <= Current tested value <= Upper alarm threshold
: indicates the error of the hardware
• Upper test threshold and lower test threshold: The test range is restricted by the sensor. The
test range of some sensors is adjustable. The test result varies with the test range.
The alarm thresholds must be within the test range.
• Sensor type: Generally, sensors are either current mode sensors or voltage mode sensors.
This parameter is required when the analog parameter is configured.
• Unit: It is defined according to the tested object and test accuracy.
• Current value and current status: The tested analog parameter value is reported in real
time, and the analog parameter status (over high, over low, or normal) is generally
displayed.
For the EMU, analog parameters include built-in analog parameters and extended analog
parameters.
• Generally, built-in analog parameters are fixed. For example, the H303ESC board has a fixed
temperature sensor and humidity sensor. Except for the upper alarm threshold and lower
alarm threshold, users cannot modify built-in analog parameters.
• Extended analog parameters are changeable. Users can configure the analog sensor as
desired.
Digital Parameter
Compared with the analog parameter, a digital parameter is a discrete value that indicates a
status. A digital parameter has two values: normal or faulty. The digital sensor detects the
status by comparing the high and low levels.
The attributes of the digital parameter include: alarm level, valid level, sensor type, and
current status.
• Alarm level: When the digital level is equal to the alarm level, the digital sensor generates
an alarm. For example, when the alarm level of the digital sensor is configured as high
level and the tested digital parameter becomes high level, the digital sensor generates an
alarm. If the digital parameter becomes low level, the digital sensor does not generate an
alarm.
• Valid level: It is the opposite of the alarm level. When the digital parameter level is equal to
the valid level, the digital parameter does not generate an alarm.
• Sensor type: Generally, sensors are either current mode sensors or voltage mode sensors.
This parameter is required when the digital parameter is configured.
• Current status: The status detected by the voltage mode sensor.
For the EMU, digital parameters include built-in digital parameters and extended digital
parameters.
• Generally, built-in digital parameters are fixed. For example, the H303ESC board has a fixed
door sensor and MDF sensor. Except for the valid level, users cannot modify built-in
digital parameters.
• Extended digital parameters are changeable. Users can configure the digital sensor as
desired.
20.4 Implementation
This section describes the implementation of the environment monitoring.
The environment monitoring feature takes effect automatically. For details of the environment
monitoring configuration, refer to "Environment Monitoring Configuration" in the
MA5600 Configuration Guide.
20.5 Reference
This section describes the references on the environment monitoring.
The following lists the references on the environment monitoring:
• MA5600 Configuration Guide
• MA5600 Command Reference
• MA5600 Alarm Reference
21 Ethernet OAM
This chapter describes the definition, purpose, specifications, principles, glossary, acronyms and
abbreviations, and standard compliance of the Ethernet OAM.
21.1 Introduction
This section describes the definition, purpose, specification, limitation, glossary, as well as
acronyms and abbreviations of Ethernet OAM.
Definition
In a broad sense, operations, administration and maintenance (OAM) refers to tools for
monitoring and diagnosing network faults. Ethernet OAM is defined as Connectivity Fault
Management in IEEE 802.1ag and provides an end-to-end fault detection and diagnosis solution.
Purpose
Ethernet is a widely used local area network technology because of its high bandwidth, low cost,
plug-and-play convenience, and support of multipoint operations.
As Ethernet technology gradually extends from carriers' networks to metropolitan area
networks (MANs) and wide area networks (WANs), network management and maintenance
become increasingly important. Currently, however, Ethernet has no carrier-class management
capability, and thus cannot detect L2 network faults.
Ethernet OAM provides an end-to-end fault detection solution to monitor, diagnose, and
troubleshoot the Ethernet.
Specification
The MA5600 supports the following Ethernet OAM specifications:
• Up to 3 maintenance domains (MDs)
• Up to 48 maintenance associations (MAs)
• Up to 48 MAs in an MD
• Support of a maintenance end point (MEP) and up to six remote maintenance end points
(RMEPs) by each MA
Limitation
The MA5600 Ethernet OAM has the following limitations:
• If 48 MAs are configured in MD 0, no MA can be configured in MD 1 or MD 2.
• MEPs can be configured only on the upstream ports and the ports on the Ethernet subtending
board.
• The system supports neither maintenance association intermediate points (MIPs) nor
internal ports.
Glossary
MD Maintenance domain
MA Maintenance association
LB Loopback
LT Linktrace
21.2 Availability
This section describes the hardware required for this feature, including boards and terminals.
The SCUB/SCUK board supports Ethernet OAM.
21.3 Principle
This section describes the operating principles of Ethernet OAM.
NOTE
The MEP refers to the port in the MA5600 in this section unless otherwise specified.
Ethernet CFM
Ethernet CFM includes connectivity check, loopback detection, and link tracing.
Figure 21-1 shows the connectivity check.
[Figure 21-1: connectivity check (label: IP network)]
To connect two MA5600s, configure the two MA5600s in the same MA (MA 0) of the same
MD (MD 0), and configure MA5600-1 (MEP ID: 300) and MA5600-2 (MEP ID: 5600) as two
MEPs. After Ethernet OAM is enabled, all MEPs periodically send connectivity check messages
and receive the connectivity check messages from other MEPs.
Connectivity Check
Network connectivity is monitored through connectivity check messages transmitted at
intervals to a multicast domain. The process is as follows:
• Each MEP (such as MA5600-1) periodically sends connectivity check messages.
A connectivity check message contains the configuration information of MA5600-1.
• Each MEP (such as MA5600-2) receives connectivity check messages without sending
response messages. When MA5600-2 receives a message from any other MEP, it
checks the information contained in the message.
• If an MEP fails to receive any messages or receives unexpected messages within a certain
period of time, this indicates a network fault.
As shown in Figure 21-1, if link 1 fails, MEP 5600 will fail to receive any connectivity check
message from MEP 300 within a certain period of time. In this case, MEP 5600 reports a message
loss alarm. In this way, the users of MA5600-2 can know the state of connectivity with other
networks (such as the network in which MA5600-1 is located).
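The receive-side logic described above, as an added Python example (not Huawei's implementation): MEP 5600 validates each received message and raises a loss alarm when MEP 300 goes silent. The 3.5 x interval loss window follows IEEE 802.1ag and is an assumption for this device, as are the 1-second interval, the message field names, the duplicate MEP ID check, and the constructed timeline.

```python
from dataclasses import dataclass, field

# Assumption: a remote MEP is declared lost after 3.5 x the CCM interval, the
# multiplier IEEE 802.1ag uses; the page only says "a certain period of time".
LOSS_MULTIPLIER = 3.5

@dataclass
class Mep:
    md: str
    ma: str
    mep_id: int
    rmep_ids: frozenset          # expected remote MEPs (up to six per MA on the MA5600)
    interval_s: float = 1.0      # hypothetical CCM interval
    last_seen: dict = field(default_factory=dict)

    def receive(self, now, ccm):
        """Check one received CCM; return an alarm string or None. No reply is sent."""
        if (ccm["md"], ccm["ma"]) != (self.md, self.ma):
            return "unexpected MD/MA"    # CCM from another maintenance association
        if ccm["mep_id"] == self.mep_id:
            return "duplicate MEP ID"    # another sender is using our own MEP ID
        if ccm["mep_id"] not in self.rmep_ids:
            return "unexpected MEP"      # sender is not a configured RMEP
        self.last_seen[ccm["mep_id"]] = now
        return None

    def lost_rmeps(self, now):
        """Configured RMEPs with no valid CCM inside the loss window (start is t=0)."""
        window = LOSS_MULTIPLIER * self.interval_s
        return sorted(r for r in self.rmep_ids
                      if now - self.last_seen.get(r, 0.0) > window)

def ccm(mep_id, ma="MA0", md="MD0"):
    return {"md": md, "ma": ma, "mep_id": mep_id}

def simulate():
    """Constructed timeline seen by MEP 5600: link 1 fails after t=3."""
    mep = Mep("MD0", "MA0", 5600, frozenset({300}))
    events = [(1.0, ccm(300)), (2.0, ccm(300)), (2.5, ccm(300, ma="MA1")),
              (3.0, ccm(300)), (4.0, ccm(777))]
    alarms = []
    for t, msg in events:
        alarm = mep.receive(t, msg)
        if alarm:
            alarms.append((t, alarm))
    for t in (5.0, 6.0, 7.0):            # periodic timer ticks after the failure
        alarms += [(t, f"CCM loss from MEP {r}") for r in mep.lost_rmeps(t)]
    return alarms

if __name__ == "__main__":
    for alarm in simulate():
        print(alarm)
```

A rejected message does not refresh the timer, so the stray message from MEP 777 at t=4 cannot mask the loss of MEP 300.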
21.4 Implementation
This section describes the implementation of Ethernet OAM.
The Ethernet OAM feature takes effect automatically.
For details of the Ethernet OAM configuration, refer to "Ethernet OAM Configuration" in the
MA5600 Configuration Guide.
21.5 Reference
This section describes the references on Ethernet OAM.
The following lists the references on Ethernet OAM:
A attachment circuit
ACL access control list
ARP Address Resolution Protocol
AS autonomous system
ABR area border router
ASBR autonomous system boundary router
ATM asynchronous transfer mode
B
BPDU bridge protocol data unit
BRAS broadband remote access server
C
CAC connection admission control
CAR committed access rate
CC continuity check message
CE customer edge
CFM connectivity fault management
CST common spanning tree
CIST common and internal spanning tree
CSPF constraint shortest path first
D
DHCP Dynamic Host Configuration Protocol
F
FEC forwarding equivalence class
FTTH fiber to the home
FTTx fiber to the x
H
HDSL high-speed digital subscriber line
I
ICMP Internet Control Message Protocol
IGMP Internet Group Management Protocol
IP Internet Protocol
IPoA Internet Protocol over ATM
IPoE IP over Ethernet
L
LB loopback
LT linktrace
TLV type, length, value
LSR label switching router
LER label switching edge router
LSP label switched path
M
MA maintenance association
MEP maintenance association end point
MIP maintenance association intermediate point
MPLS multi-protocol label switch
MSTP Multiple Spanning Tree Protocol
N
NTP Network Time Protocol
O
OAM operations administration and maintenance
OSPF open shortest path first
OLT optical line terminal
ONU optical network unit
ONT optical network terminal
P
P2P point to point
PSTN public switched telephone network
PVC permanent virtual channel
PQ priority queuing
PTM packet transfer mode
PBO power back off
PE provider edge
PITP Policy Information Transfer Protocol
PPPoA point to point protocol over ATM adaptation layer 5
PPPoE point to point protocol over Ethernet
PWE3 pseudo wire emulation edge-to-edge
PW pseudo wire
PVP permanent virtual path
Q
QinQ 802.1Q in 802.1Q
QoS quality of service
R
RAIO relay agent information option
RIP Routing Information Protocol
S
SFTP Secure File Transfer Protocol
SNMP Simple Network Management Protocol
SSH secure shell
STP Spanning Tree Protocol
SHDSL single-line high speed digital subscriber line
SPF shortest path first
STU-C SHDSL transceiver unit - central office end
STU-R SHDSL transceiver unit - remote end
T
TE traffic engineering
TEDB TE database
ToS type of service
TC-PAM trellis coded pulse amplitude modulation
V
VLAN virtual LAN
VoIP voice over IP
VP virtual path
VBAS virtual broadband access server
W
WRR weighted round robin
X
xDSL x digital subscriber line