Huawei NE40E-X1X2 Product Description (2012!11!10)

HUAWEI NE40E-X1/NE40E-X2 Universal ServiceRouter V600R006C00

Product Description

Issue 01

Date 2012-11-10

HUAWEI TECHNOLOGIES CO., LTD.

Issue 01 (2012-11-10) Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd. i

Copyright © Huawei Technologies Co., Ltd. 2012. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior

written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective

holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and

the customer. All or part of the products, services and features described in this document may not be

within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements,

information, and recommendations in this document are provided "AS IS" without warranties, guarantees or

representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the

preparation of this document to ensure accuracy of the contents, but all statements, information, and

recommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang

Shenzhen 518129

People's Republic of China

Website: http://www.huawei.com

Email: [email protected]

http://www.huawei.com/

mailto:[email protected]

HUAWEI NE40E-X1/NE40E-X2 Universal

ServiceRouter

Product Description About This Document


Copyright © Huawei Technologies Co., Ltd.

ii

About This Document

Purpose

This document describes the product positioning and features, product architecture, link

features, service features, application scenarios, operation and maintenance, and technical

specifications of the NE40E device.

This document provides an overall description of the NE40E device, which helps intended

readers get a general understanding of all the product features.

Related Versions

The following table lists the product versions related to this document.

Product Name Version

HUAWEI NE40E-X1 &

NE40E-X2 Universal Service

Router

V600R006C00

U2000 V100R008C00

Intended Audience

This document is intended for:

Network planning engineers

Hardware installation engineers

Commissioning engineers

Data configuration engineers

On-site maintenance engineers

Network monitoring engineers

System maintenance engineers


ServiceRouter

Product Description About This Document



iii

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description

Indicates a hazard with a high level of risk, which if not

avoided, will result in death or serious injury.

Indicates a hazard with a medium or low level of risk,

which if not avoided, could result in minor or moderate

injury.

Indicates a potentially hazardous situation, which if not

avoided, could result in equipment damage, data loss,

performance degradation, or unexpected results.

Indicates a tip that may help you solve a problem or save

time.

Provides additional information to emphasize or

supplement important points of the main text.

Change History

Updates between document issues are cumulative. Therefore, the latest document issue

contains all updates made in previous issues.

Changes in Issue 01 (2012-11-10)

The first commercial release.


ServiceRouter

Product Description Contents



iv

Contents

About This Document .................................................................................................................... ii

1 New Hardware and Features in the V600R006C00 ................................................................. 1

2 Positioning...................................................................................................................................... 2

3 Product Architecture ..................................................................................................................... 3

3.1 Physical Architecture........................................................................................................................................ 3

3.2 Logical Architecture ......................................................................................................................................... 4

3.3 Software Architecture ....................................................................................................................................... 5

3.4 Data Forwarding Process ................................................................................................................................. 7

4 Technical Specifications .............................................................................................................. 9

5 FPIC................................................................................................................................................ 11

6 Link Features ................................................................................................................................ 14

6.1 Ethernet Link Features ................................................................................................................................... 14

6.2 POS Link Features ......................................................................................................................................... 15

6.3 CPOS Link Features ....................................................................................................................................... 15

6.4 ATM Link Features ........................................................................................................................................ 16

6.5 CE1/CT1/E3/CT3 Link Features .................................................................................................................... 17

7 Service Features ........................................................................................................................... 18

7.1 Ethernet Features ............................................................................................................................................ 18

7.1.1 Layer 2 Ethernet Features ..................................................................................................................... 18

7.1.2 Layer 3 Ethernet Features ..................................................................................................................... 19

7.1.3 QinQ Features ....................................................................................................................................... 19

7.1.4 Flexible Access to VPNs ....................................................................................................................... 20

7.1.5 RRPP Link Features .............................................................................................................................. 20

7.1.6 RSTP/MSTP Features ........................................................................................................................... 20

7.1.7 BPDU Tunneling Features .................................................................................................................... 21

7.2 IP Features ...................................................................................................................................................... 21

7.2.1 IPv4/IPv6 Dual Stack ............................................................................................................................ 21

7.2.2 IPv4 Features ........................................................................................................................................ 21

7.2.3 IPv6 Features ........................................................................................................................................ 22

7.2.4 IPv4/IPv6 Transition Technology .......................................................................................................... 22


ServiceRouter

Product Description Contents



v

7.3 Routing Protocol ............................................................................................................................................ 22

7.3.1 Unicast Routing .................................................................................................................................... 22

7.3.2 Multicast Routing .................................................................................................................................. 24

7.4 MPLS ............................................................................................................................................................. 25

7.5 VPN Features ................................................................................................................................................. 29

7.5.1 Tunnel Policy ........................................................................................................................................ 29

7.5.2 VPN Tunnel .......................................................................................................................................... 29

7.5.3 MPLS L2VPN ....................................................................................................................................... 29

7.5.4 BGP/MPLS L3VPN .............................................................................................................................. 31

7.6 QoS................................................................................................................................................................. 32

7.7 Load Balancing .............................................................................................................................................. 36

7.8 Traffic Statistics .............................................................................................................................................. 37

7.9 IP RAN Features ............................................................................................................................................ 38

7.10 Network Reliability ...................................................................................................................................... 39

7.11 Clock ............................................................................................................................................................ 44

8 Security Features ......................................................................................................................... 47

9 Energy Conservation and Emission Reduction ..................................................................... 52

10 Applicable Environment ......................................................................................................... 54

10.1 Metro Ethernet Solution ............................................................................................................................... 54

10.2 Dual-Stack User Access and Transition Solutions........................................................................................ 58

11 Operation and Maintenance ................................................................................................... 60

11.1 System Configuration Modes ....................................................................................................................... 60

11.2 System Management and Maintenance ........................................................................................................ 61

11.3 Device Running Status Monitoring .............................................................................................................. 61

11.4 HGMP .......................................................................................................................................................... 62

11.5 System Service and Status Tracking ............................................................................................................. 63

11.6 System Test and Diagnosis ........................................................................................................................... 63

11.7 NQA ............................................................................................................................................................. 63

11.8 In-Service Debugging ................................................................................................................................... 64

11.9 Upgrade Features .......................................................................................................................................... 64

11.10 License ....................................................................................................................................................... 65

11.11 Other Operation and Maintenance Features ............................................................................................... 65

12 NMS ............................................................................................................................................. 66

A Acronyms and Abbreviations .................................................................................................. 68


ServiceRouter

Product Description 1 New Hardware and Features in the V600R006C00



1

1 New Hardware and Features in the V600R006C00


ServiceRouter

Product Description 2 Positioning



2

2 Positioning

Huawei NE40E-X1&NE40E-X2 (hereinafter referred to as the NE40E-X1&NE40E-X2) are a

high-end network product used to access, converge, and transmit carrier-class Ethernet

services on Fixed-Mobile Convergence (FMC) Metropolitan Area Networks (MANs).

The NE40E-X1&NE40E-X2 operate on the Versatile Routing Platform (VRP) operating

system developed by Huawei and adopts the hardware-based forwarding and non-blocking

data switching technology. The NE40E-X1&NE40E-X2 feature carrier-class reliability,

line-speed forwarding capability, perfect Quality of Service (QoS) mechanism, service

processing capability, and good expansibility.

The NE40E-X1&NE40E-X2 provide strong capabilities in network access, Layer 2 switching,

and transmission of Ethernet over Multi-Protocol Label Switching (EoMPLS) services. The

NE40E-X1&NE40E-X2 also support rich IP services and provides broadband access, triple

play, IP leased line, and Virtual Private Network (VPN) services. The NE40E-X1&NE40E-X2

can also work in conjunction with the CX200/300, NE80E, NE40E, ME60, and MA5200G

developed by Huawei to set up a hierarchical metro Ethernet that provides rich services for

customers.

NE40E-X2 NE40E-X1


ServiceRouter

Product Description 3 Product Architecture



3

3 Product Architecture

About This Chapter

3.1 Physical Architecture

3.2 Logical Architecture

3.3 Software Architecture

3.4 Data Forwarding Process

3.1 Physical Architecture

The physical architecture includes the following systems:

Power distribution system

Functional host system

Heat dissipation system

Network management system

All systems except the network management system (NMS) are located in an integrated

cabinet. The power distribution system consists of power modules working in n+n backup

mode.

The following describes only the functional host system.

The functional host system is composed of the system backplane, MPUs, NPUs, and PICs.

The functional host system processes data. In addition, it monitors and manages the entire

system, including the power distribution system, heat dissipation system, and NMS through

NMS interfaces. Figure 3-1 shows the functional host system of the NE40E.


ServiceRouter




4

Figure 3-1 Functional host system

Data Bus

-48 V PSU

(Power Support

Unit)

MPU

(Master)

MPU

PIC 0-7

(Physical

Interface Card)

NPU

NPU

FANMonitor Bus

GE/FE/E1

etc

Control Bus

GE/Console/

Bits/USBMonitor Bus

Control Bus

Monitor Bus

Control Bus

Data Bus

Monitor Bus

Control Bus

Monitor Bus

Control Bus

Monitor Bus

Control Bus

Monitor Bus

Control Bus

Data Bus

Monitor Bus

Control Bus

PSU

(Power Support

Unit)

Ba

ckpla

ne

(Slave)

-48 V

2*10G

2*10GGE/Console/

Bits/USB

The NE40E-X1 has only one NPU and four PICs.

3.2 Logical Architecture

The logical architecture of the NE40E consists of the following planes:

Data plane

Control and management plane

Monitoring plane

Figure 3-2 shows the logical architecture.


ServiceRouter




5

Figure 3-2 Logical architecture

MPU

NPUI PIC * N

Forwarding

unit

Management

unit

NPUI

MPU

Data channel

Monitoring

plane

Control and

management

plane

Data plane

System

monitoring unit

PICs

management unit

Forwarding

unit

Management

unit

System

monitoring unit

System

monitoring unitSystem

monitoring unit

The data plane is responsible for high speed processing and non-blocking switching of

data packets. It encapsulates or decapsulates packets, forwards IPv4/IPv6/MPLS packets,

performs QoS as well as scheduling and internal high-speed switching, and collects

statistics.

The control and management plane completes all control and management functions for

the system and is the core of the entire system. Control and management units process

protocols and signals, and maintain, manage, report on, and control system status.

The monitoring plane monitors the ambient environment to ensure secure and stable

operation of the system. It detects voltage levels, controls system power-on and-off,

monitors temperature, and controls fan modules. When a unit fails, the monitoring plane

isolates the faulty unit promptly so that other parts of the system can continue to run

normally.

3.3 Software Architecture

Figure 3-3 and Figure 3-4 show the software architecture of the NE40E


ServiceRouter




6

Figure 3-3 Software architecture of NE40E-X1

Power

Monitoring

FAN

Monitoring

SNMPRPS

Master

RPS

Slave

IPC

NPUP

IC

PIC

PIC

PIC

Figure 3-4 Software architecture of NE40E-X2

Power

Monitoring

FAN

Monitoring

SNMPRPS

Master

RPS

Slave

IPC

NPU

PIC

PIC

PIC

PIC

NPU

PIC

PIC

PIC

PIC

Software of the NE40E consists of the Routing Process System (RPS), power monitoring

system, fan monitoring system.


ServiceRouter




7

The RPS, which includes IPOS software, VRP software, and product-adaptation software, is

the control and management module that runs on the MPU. The RPS on the active MPU and

the one on the standby MPU back up each other. RPSs support IPv4/IPv6, MPLS, LDP, and

routing protocols, calculate routes, establish LSPs and multicast distribution trees, generate

unicast, multicast, and MPLS forwarding tables, and they deliver information concerning all

the preceding mentioned to the LPU.

The FSU implements the functions of the link layer and some functions of the IP protocol

stack on interfaces.

The EFU performs hardware-based IPv4/IPv6 forwarding, multicast forwarding, MPLS

forwarding, and has a statistics functions.

3.4 Data Forwarding Process

Figure 3-5 Data forwarding process

PIC

DatagramDatagram

Processing on the incoming

interface

Upstream traffic classification

Searching the

routing table to

forward packets

QoS in the

upstream

Congestion

management

Queue

scheduling

IPv4 unicast

IPv4 multicast

MPLS

IPv6

MAC

Packet fragmentation

SFU

Micro cell Micro cell

Packet reassembly

Multicast replication

QoS in the

downstreamCongestion

management

Queue

scheduling

Packet

encapsulation

and forwarding

in the

downstream

IPv4 unicast

IPv4 multicast

MPLS

IPv6

Processing on the outgoing

interface

Downstream traffic

classification

PFE

TM

As shown in Figure 3-5, the Packet Forwarding Engine (PFE) adopts a Network Processor

(NP) or an Application Specific Integrated Circuit (ASIC) to implement high-speed packet

routing. External memory types include Static Random Access Memory (SRAM), Dynamic


ServiceRouter




8

Random Access Memory (DRAM), and Net Search Engine (NSE). The SRAM stores

forwarding entries; the DRAM stores packets; the NSE performs searching routing table.

Data forwarding processes can be divided into upstream and downstream processes based on

the direction of the data flow.

Upstream process: The Physical Interface Card (PIC) encapsulates packets to frames and

then sends them to the PFE. On the PFE of the inbound interface, the system

decapsulates the frames and identifies the packet types. It then classifies traffic according

to the QoS configurations on the inbound interface. After traffic classification, the

system searches the Forwarding Information Base (FIB) for the outbound interfaces and

next hops of packets to be forwarded. To forward an IPv4 unicast packet, for instance,

the system searches the FIB for the outbound interface and next hop according to the

destination IP address of the packet. Finally, the system sends the packets containing

information about outbound interfaces and next hops to the traffic management (TM)

module.

Downstream process: Information about packet types that have been identified in the

upstream process and about the outbound interfaces is encapsulated through the link

layer protocol and the packets are stored in corresponding queues for transmission. If an

IPv4 packet whose outbound interface is an Ethernet interface, the system needs to

obtain the MAC address of the next hop. Outgoing traffic is then classified according to

the QoS configurations on the outbound interfaces. Finally, the system encapsulates the

packets with new Layer 2 headers on the outbound interfaces and sends them to the PIC.


ServiceRouter

Product Description 4 Technical Specifications



9

4 Technical Specifications

Physical Specifications

Table 4-1 Physical Specifications

Item X2 X1

Dimensions (width x

depth x height)

442 mm x 220 mm x 222 mm

(5 U height)

442 mm x 220 mm x 132 mm

( 17.40 in. x 8.66 in. x 5.20

in. )

Installation Mounted in an N63B cabinet, a standard 19-inch cabinet, or a

23-inch North American open rack

Weight (in full

configuration)

22 kg 14 kg ( 30.87 lb )

Typical power 650 W 350 W

Heat dissipation 2109 BTU/hour 1136 BTU/hour

DC input

voltage

Rated

voltage

-48 V

Maximum

voltage

range

-38 V to -72 V

AC input

voltage

Rated

voltage

220 V

Maximum

voltage

range

90 V to 275 V (recommend)

175 V to 275 V

Ambient

temperat

ure

Long-term 5°C to +50°C ( 23°F to 122°F )

Short-term -20°C to +60°C ( -4°F to 140°F ) (Short-term refers to a period of

not more than 96 consecutive hours and a total of not more than

15 days in 1 year.)

Remarks Temperature change rate limit: 30°C/hour ( 86°F/hour )


ServiceRouter

Product Description 4 Technical Specifications



10

Item X2 X1

Storage temperature -40°C to +70°C ( -40°F to 158°F )

Relative

ambient

humidity

Long-term 5% to 85% RH, non-condensing

Short-term 5% to 95% RH, non-condensing

Relative storage

humidity

0% to 95% RH, non-condensing

Altitude for permanent

work

Lower than 3000 m ( 9842.4 ft )

Storage altitude Lower than 5000 m (16404 ft )

System Configuration

Table 4-2 System Configuration

Item X2 X1

SDRAM 2 GB 2 GB

CF card 1 GB 1 GB

USB interface USB2.0 Host USB2.0 Host

Forwarding capacity 40 Gbit/s 20 Gbit/s

Packets forwarding rate 60 Mpps 30 Mpps

Backplane bandwidth 450 Gpbs 285 Gpbs

Interface capacity Non-line-rate: 75.2 Gbit/s

Line-rate: 40Gbit/s

Non-line-rate: 52 Gbit/s

Line-rate: 20Gbit/s

Number of subcard

slots

8 4

Number of MPU slots 2 2

Number of NPU slots 2 1


ServiceRouter

Product Description 5 FPIC



11

5 FPIC

The NE40E-X2 has eight slots for subcards. Subcards are hot swappable and support

automatic configuration recovery.

The NE40E-X1 has four slots for subcards. Subcards are hot swappable and support

automatic configuration recovery.

Table 5-1 Subcards supported by the NE40E-X2 and NE40E-X1

Interface Name Description Remarks

8-Port 100/1000Base-X-SFP

High-speed Interface Card

(HIC)

Supports the

synchronization Ethernet

feature and multiple types of

optical modules.

Supports the GE optical

module to provide GE

optical interfaces.

Supports the FE optical

module to provide FE

optical interfaces.

Supports the SFP

electrical module to

provide the features of

100 M/1000 M

auto-sensing electrical

interfaces.

Supports the mixed use

of the preceding

modules.

Supports hot swapping.

Subcards of this type can be

inserted in the slots 5, 6, 9,

and 10 on the NE40E-X2,

and the slots 2, 3, 4 and 5 on

the NE40E-X1.


High-speed Interface Card

A (HIC, Supporting 1588v2)

Supports synchronization

Ethernet feature and

multiple types of optical

modules, and complies with

the 1588v2 standard.

Supports the GE optical module to provide GE





the NE40E-X1.


ServiceRouter




12


optical interfaces.



optical interfaces.

Supports the SFP


provide 100 M/1000 M


interfaces. (In this case,

the synchronization

Ethernet feature is not

supported.)


of the preceding

modules.



High-speed Interface

Card(HIC)

Supports the

synchronization Ethernet

feature and multiple types of

optical modules.

Supports the GE optical

module to provide GE

optical interfaces.



optical interfaces.

Supports the SFP


provide the features of

100 M/1000 M


interfaces.


of the preceding

modules.






the NE40E-X1.

4-Port OC-3c/STM-1c

POS-SFP Flexible Interface

Card(FIC)

Supports hot swapping. Subcards of this type can be


6, 9, 10, 11, and 12 on the

NE40E-X2, and in the slots

2, 3, 4 and 5 on the

NE40E-X1.

8-Port 100Base-X-RJ45

Flexible Interface

Card(FIC,Supporting

1588v2)



6, 9, 10, 11, and 12 on the


2, 3, 4 and 5 on the NE40E-X1.


ServiceRouter




13


8-Port 100Base-X-SFP

Flexible Interface Card

(FIC, Supporting 1588v2)



6, 9, 10, 11, and 12 on the



NE40E-X1.

Auxiliary Flexible Interface

Card with 4-Port

100Base-RJ45(FIC,

Supporting 1588v2)

Supports on-site ambient

monitoring, including the

monitoring of burglarproof

switches and smoke sensors.


Only one subcard of this

type can used on a device.

1-Port Channelized

OC3c/STM1c POS-SFP

Flexible Interface Card

(FIC)

Supports hot swapping, the

clock synchronization

feature, and three protocols:

Circuit Emulation Service

(CES), Inverse Multiplexing

for ATM (IMA), and

Multi-link Point-to-Point

Protocol (ML-PPP).



6, 9, 10, 11, and 12 on the



NE40E-X1.

16-Port E1 Flexible

Interface Card(FIC,120ohm)



6, 9, 10, 11, and 12 on the



NE40E-X1.

16-Port E1 Flexible

Interface Card(FIC,75ohm)



6, 9, 10, 11, and 12 on the



NE40E-X1.

4-Port OC-3c/STM-1c

ATM-SFP Flexible Interface

Card (FIC)



6, 9, 10, 11, and 12 on the



NE40E-X1.


ServiceRouter

Product Description 6 Link Features



14

6 Link Features

About This Chapter

6.1 Ethernet Link Features

6.2 POS Link Features

6.3 CPOS Link Features

6.4 ATM Link Features

6.5 CE1/CT1/E3/CT3 Link Features

6.1 Ethernet Link Features

The NE40E provides the following features on Ethernet interfaces:

Flow control and auto negotiation of rates

Bundling of interfaces of different rates

Binding of interfaces on different boards into one Eth-Trunk

Eth-Trunk member interfaces in active/standby mode

The NE40E can perform active/standby switchover automatically on Eth-Trunk member

interfaces when the link status of interfaces changes.

Addition or deletion of member interfaces to or from an Eth-Trunk interface

The NE40E can sense the Up or Down status of member interfaces, thus dynamically

changing the bandwidth of the Eth-Trunk.

Layer 2 and Layer 3 Eth-Trunk interfaces

E-Trunk, that is, Eth-Trunk interface whose member interfaces reside on different

devices

Association between Eth-Trunk links and BFD

LACP defined in 802.3ad

The Link Aggregation Control Protocol (LACP) maintains link status according to

interface status. LACP adjusts or disables link aggregation in the case of aggregation

changes.

Ethernet clock synchronization

1588v2 clock


ServiceRouter




15

VLAN sub-interfaces

Interface loopback, including local loopback and remote loopback

6.2 POS Link Features

The NE40E provides the following POS features:

SDH/SONET encapsulation

Point-to-Point Protocol (PPP) on POS interfaces

PPP supports the following protocols:

− Link Control Protocol (LCP)

− Internet Protocol Control Protocol (IPCP)

− Multi-Protocol Label Switching Control Protocol (MPLSCP)

− Password Authentication Protocol (PAP)

− Challenge Handshake Authentication Protocol (CHAP)

High-level Data Link Control (HDLC) on POS interfaces

IP-Trunk

The NE40E supports the following IP bundling modes:

− Inter-board IP bundling

− Inter-chassis IP bundling

− IP bundling of channels of different rates

− Dynamic creating and removing of IP-Trunk interfaces

− Bundling of a physical channel into an IP-Trunk by using commands on physical

interfaces


Configuration of the MTUs for IPv4, IPv6, and MPLS packets

POS interfaces support SDH alarms at the section layer, line layer, and path layer.

The troubleshooting procedure for POS interfaces is as follows:

A POS interface prompts a fault and then notifies the control software on the board of the

fault.

The control software of the board confirms the fault, updates the interface status, and

then notifies the MPU of the interface status.

The MPU instructs the routing protocol to perform route convergence.

To ensure fast route convergence and network stability, the SPF timer and LSP timer need to

be configured on the POS interface to function together with route convergence.

6.3 CPOS Link Features

The NE40E provides the following CPOS features:

Channelization


ServiceRouter




16

The E1 interface channalized from a CPOS interface, in compliance with SAToP, can

transparently transmit unstructured TDM services through PWs on an MPLS network.

The E1 interface channalized from a CPOS interface, in compliance with CESoPSN, can

transparently transmit structured TDM services through PWs on an MPLS network.

ML-PPP/PPP/HDLC/ATM/TDM/ATM IMA

The NE40E provides CPOS interfaces at 155 Mbit/s. At the link layer, CPOS interfaces

support the following protocols:

− Frame Relay

− ML-PPP

− TDM

− ATM IMA


6.4 ATM Link Features

The NE40E provides the following ATM features:

SDH/SONET encapsulation

ATM interfaces on the NE40E support SONET/SDH encapsulation and the

SONET/SDH overhead configuration and physical layer alarms.

Permanent Virtual Path (PVP) or PVC

PVPs or PVCs can be created on ATM interfaces:

− VP/VC-based traffic shaping

− User-to-Network Interface (UNI) signaling

− Multiprotocol Encapsulation over ATM Adaptation Layer 5 in RFC 1483

− Classical IP and ARP over ATM in RFC 1577

− F4 or F5 End to End Loopback OAM

− AAL5

− Nonreal-time Variable Bit Rate (nrt_VBR)

− Unspecified Bit Rate (UBR)

− Real-time Variable Bit Rate (rt_VBR)

− Constant Bit Rate (CBR)

IPoA

The NE40E supports the following modes in setting up the mapping between a PVC and

the IP address of the peer device:

− Static mapping

− Inverse Address Resolution Protocol (InARP)

ATM sub-interfaces

ATM OAM

The NE40E supports F4 and F5 OAM. OAM functions in detecting the status of PVPs or

PVCs.

1483B

1483B supported by the NE40E is applicable to IPoEoA. IPoEoA indicates that Ethernet

packets are carried over AAL5 and IP packets are carried over the Ethernet. This


ServiceRouter




17

implements Layer 2 forwarding of IPoEoA packets between the Ethernet and PVC. By

converging the ATM backbone network and the IP network, IPoEoA supports various

Ethernet and IP services.

ATM cell relay

The NE40E supports PVC-based or PVP-based ATM cell relay and AAL5 SDU relay.

The NE40E supports the following ATM cell relay modes:

− Interface-based ATM cell relay

− 1-to-1 VCC cell relay

− N-to-1 VCC cell relay

− 1-to-1 VPC cell relay

− N-to-1 VPC cell relay

− ATM AAL5-SDU VCC transport


Configuration of the MTUs for IPv4 and MPLS packets

Line clocks

Scrambling and descrambling of transmitted data

Configuration of the shutdown and undo shutdown commands on ATM interfaces

Configuration of the shutdown and undo shutdown commands on PVCs/PVPs

Configuration of the shutdown and undo shutdown commands on sub-interfaces

AAL5 SNAP encapsulation

Cell relay and IWF on different sub-interfaces of the same ATM interface

6.5 CE1/CT1/E3/CT3 Link Features

The NE40E provides CE1/CT1/E3/CT3 interfaces.

Serial interfaces can be channelized from CE1/CT1/E3/CT3 interfaces. CE1/CT1/E3/CT3

interfaces and their serial interfaces support the following functions:

PPP

HDLC

CRTP/ECRTP


Configuration of the MTUs for IPv4 and MPLS packets

CE1/CT1 interfaces and their serial interfaces support the following link protocols:

ATM

TDM

ATM IMA


ServiceRouter

Product Description 7 Service Features



18

7 Service Features

About This Chapter

7.1 Ethernet Features

7.2 IP Features

7.3 Routing Protocol

7.4 MPLS

7.5 VPN Features

7.6 QoS

7.7 Load Balancing

7.8 Traffic Statistics

7.9 IP RAN Features

7.10 Network Reliability

7.11 Clock

7.1 Ethernet Features

7.1.1 Layer 2 Ethernet Features

On the NE40E, Ethernet interfaces can work in switched mode at Layer 2 and support VLAN,

VPLS, and QoS services. Functioning as UNIs, Layer 2 Ethernet interfaces support MPLS

VPN services.

The NE40E provides the following Layer 2 Ethernet features:

Default VLAN

VLAN trunk

VLANIF interfaces

VLAN aggregation

Inter-VLAN port isolation


ServiceRouter




19

Ethernet sub-interfaces

VLAN aggregated sub-interfaces

Port number-based VLAN division

VLAN mapping

VLAN stacking

MAC address limit

Unknown unicast/multicast/broadcast suppression

Spanning Tree Protocol (STP)/Rapid Spanning Tree Protocol (RSTP)

Multiple Spanning Tree Protocol (MSTP)

RRPP with switching time less than 50 ms

7.1.2 Layer 3 Ethernet Features

The NE40E provides the following Layer 3 Ethernet features:

IPv4

IPv6

MPLS

Multicast

VLAN sub-interfaces

QoS

Ethernet sub-interfaces

VLAN aggregation sub-interfaces

7.1.3 QinQ Features

The NE40E provides abundant QinQ features to satisfy different networking requirements.

The QinQ features are as follows:

Identification of double VLAN tags (inner VLAN tag and outer VLAN tag)

Change of the outer VLAN ID

Removal of double VLAN tags and then addition of new double VLAN tags

QinQ mapping for the outer VLAN tag

QinQ interface supporting 802.1ag

Change of the EtherType value and 802.1p priority in the outer VLAN tag; copy of the

802.1p priority in the inner VLAN tag to the outer VLAN tag of double-tagged packets

Traffic classification based on the 802.1p priorities in the outer VLAN tags of packets

Rate limit on interfaces based on the 802.1p priorities in both inner and outer VLAN tags

Interface-based QinQ

Interface-based QinQ is applicable to the following scenarios:

− Access to a VPLS network to transparently transmit VLAN packets

− Access to an L2VPN or PWE3 to transparently transmit VLAN packets

VLAN-based QinQ

802.1ag

QinQ termination


ServiceRouter




20

EType in the outer tag of QinQ packets used for interoperation with devices of other

vendors

Multicast QinQ

QinQ-based VLAN swapping

VLAN stacking can be applied in the following scenarios:

− Access to VPLS

− Access to VLL or PWE3

Translation sub-interface supporting 1to1, 1to2, 2to1, 2to2 VLAN tag translation

Sub-interface for QinQ VLAN tag termination supporting VLAN tag swapping

Sub-interface for dot1q VLAN tag termination, sub-interface for QinQ VLAN tag

termination, QinQ stacking sub-interface, and translation sub-interface supporting the

block action

ACLs based on double VLAN tags and 802.1p precedence

Sub-interfaces for QinQ VLAN tag termination accessing a VPLS network in

symmetrical mode supporting HQoS

Sub-interface for QinQ VLAN tag termination and sub-interface for dot1q VLAN tag

termination supporting IPv6 routing protocols


termination supporting BFDv6

Dynamic QinQ triggered by ND/DHCPv6 in IPv6 scenarios


termination supporting VRRPv6

Sub-interface for QinQ VLAN tag termination IPv4 URPF

Sub-interface for QinQ VLAN tag termination IPv6 URPF

7.1.4 Flexible Access to VPNs

In traditional access identification, user information or service information is identified

through a single tag or double tags. For example, the inner tag indicates user information

and the outer tag indicates service information. Different interfaces are configured with

different double tags to access different VPNs. In some scenarios, the access device does not

support QinQ or a single tag is used for multiple services. In this case, the access device may

add service access information to the 802.1p or DSCP field. Then, the NE40E connected to

the access device needs to use the 802.1p or DSCP value to identify access users. This helps

configure the accesses to different VPNs and set up different QoS scheduling policies.

7.1.5 RRPP Link Features

The Rapid Ring Protection Protocol (RRPP) supports the following functions:

Polling mechanism

Link status change notification

Mechanism of checking the channel status of the sub-ring protocol packets on the major

ring

7.1.6 RSTP/MSTP Features

The NE40E supports the following:

RSTP


ServiceRouter




21

MSTP

MSTP provides BPDU protection to defend against such attacks. After the BPDU protection

is enabled, the switch shuts down the edge port that receives BPDUs. At the same time, the

switch informs the NMS of the situation. The edge port can be enabled by the network

administrator.

NE40E can restrict the sending of Layer 2 and Layer 3 protocol packets such as RSTP and

DHCP through CP-CAR. This avoids influencing device performance.

7.1.7 BPDU Tunneling Features

The NE40E supports BPDU tunneling in the following modes:

Port-based BPDU tunneling

VLAN-based BPDU tunneling

QinQ-based BPDU tunneling

VLL-based transparent transmission of BPDUs

VPLS-based transparent transmission of BPDUs

7.2 IP Features

7.2.1 IPv4/IPv6 Dual Stack

The IPv4/IPv6 dual stack can be easily implemented and can smoothly interoperate with other

protocols. Figure 7-1 shows the structure of the IPv4/IPv6 dual stack.

Figure 7-1 IPv4/IPv6 dual stack

IPv4 IPv6

TCP UDP

IPv4/IPv6 Application

Link Layer

7.2.2 IPv4 Features

The NE40E supports the following IPv4 features:

TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and

ARP

Static DNS and specified DNS server

FTP server/client and TFTP client


ServiceRouter




22

DHCP relay agent and DHCP server

Suppression of DHCP flooding

Ping, tracert, and NQA

NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services

and test the response time of the services. The system supports NQA in UDP jitter and

ICMP jitter tests by sending and receiving packets on LPUs. The minimum interval at

which packets are transmitted can be 10 ms. Each LPU supports up to 100 concurrent

jitter tests. The entire system supports up to 1000 concurrent jitter tests.

IP policy-based routing (PBR) and flow-based next hop to which packets are forwarded

IP PBR-based load balancing

Load balancing in unequal cost multiple path (UCMP) mode

Configuration of secondary IP addresses for all physical and logical interfaces

Each interface can be configured with a maximum of 255 secondary IP addresses with

31-bit masks.

7.2.3 IPv6 Features

The NE40E supports the following IPv6 features:

IPv6 Neighbor Discovery (ND)

Path MTU Discovery (PMTU)

TCP6, ping IPv6, tracert IPv6, and socket IPv6

Static IPv6 DNS and specified IPv6 DNS server

TFTP IPv6 client

IPv6 PBR

Telnet and SSH

7.2.4 IPv4/IPv6 Transition Technology

The NE40E provides the following IPv4/IPv6 transition technologies:

IPv6 over IPv4 tunnel

The NE40E adopts the following IPv6 over IPv4 tunnel modes:

− IPv6 manual tunnel

− IPv6 over IPv4 GRE tunnel

− IPv4 over IPv6 automatic tunnel

− 6 to 4 tunnel

6PE and 6vPE

7.3 Routing Protocol

7.3.1 Unicast Routing

The NE40E supports the following unicast routing features:

IPv4 routing protocols, including RIP, OSPF, IS-IS, and BGP4


ServiceRouter




23

IPv6 routing protocols, including Routing Information Protocol Next Generation (RIPng),

OSPFv3, IS-ISv6, and BGP4+

Static routes that are manually configured by the administrator to simplify network

configurations and improve network performance

Large-capacity routing table to effectively support the operation of a MAN.

Selection of the optimal route through the perfect routing policy

Import of routing information of other protocols

Use of routing policies in advertising and receiving routes and filtering of routes through

route attributes

Support for load balancing and configuring the maximum number of equal-cost routes

32-channel load balancing of IPv6 routes

Password authentication and MD5 authentication to improve network security

Restart of protocol processes through command lines

RIP-1 (classful routing protocol) and RIP-2 (classless routing protocol)

Advertisement of a default route from a RIP-enabled device to its peers and setting of the

metric of this route

RIP-triggered updates

Disabling a specified interface from sending or receiving OSPF or RIP packets

Association between OSPF and BGP

Association between OSPF and LDP

Fast OSPF convergence, which can be implemented in the following manners:

− Adjusting the interval at which LSAs are sent

− Enabling OSPF GR

− Configuring BFD for OSPF

OSPF I-SPF and IS-IS I-SPF (I-SPF re-calculates only the affected routes of a shortest

path tree (SPT) rather the entire SPT)

OSPF PRC

OSPF calculation of link costs based on the reference bandwidth

Link costs can be manually configured or automatically calculated by the system based

on the reference bandwidth by using the following formula:

Link cost = Reference bandwidth/Interface bandwidth

The integer of the calculated result is the link cost. If the calculated result is smaller than

1, the cost is 1. The link cost can be changed by changing the reference bandwidth. By

default, the reference bandwidth of the NE40E is 100 Mbit/s. The value can be changed

to one in the range of 1 to 2147483648 in Mbit/s by running commands.

Two-level IS-IS in a routing domain

Association between IS-IS and LDP

IS-IS GR, OSPF GR and BGP GR, which ensure high reliability with Non-Stop

Forwarding (NSF)

BGP indirect next hop and dynamic update peer-groups

Policy-based route selection by BGP when there are multiple routes to the same

destination

BGP route reflector (RR), which addresses the problem of high costs of full-mesh

requirement when there are many IBGP peers

Sending of BGP Update packets that carry no private AS number


ServiceRouter




24

IPv6 indirect next hop

Route dampening, which suppresses unstable routes (unstable routes are neither added to

the BGP routing table nor advertised to other BGP peers)

Routing protocol

BGP fast convergence

The NE40E adopts a new route convergence mechanism and algorithm, which speeds up

convergence of BGP routes. The features are as follows:

− Indirect next hop

− On-demand route iteration

BGP load balancing in multi-homing networking

Non-Stop Routing (NSR)

The NE40E supports the following NSR modes:

− IS-IS NSR

− BGP NSR

7.3.2 Multicast Routing

The NE40E provides the following multicast features:

Multicast protocols

Multicast protocols include the Internet Group Management Protocol (IGMP) ( IGMPv1,

IGMPv2 and IGMPv3), Protocol Independent Multicast-Dense Mode (PIM-DM),

Protocol Independent Multicast-Sparse Mode (PIM-SM), Multicast Source Discovery

Protocol (MSDP), and Multi-protocol Border Gateway Protocol (MBGP).

Reverse Path Forwarding (RPF)

PIM-SSM

Anycast RP

IPv6 multicast routing protocols

IPv6 multicast routing protocols include PIM-IPv6-DM, PIM-IPv6-SM, and

PIM-IPv6-SSM.

MLD

Multicast Listener Discovery (MLD) has the following versions:

− MLDv1 defined in RFC 2710

MLDv1 supports Any-Source Multicast (ASM) directly and supports Source-Specific

Multicast (SSM) together with SSM mapping.

− MLDv2 defined in RFC 3810

MLDv2 supports ASM and SSM directly.

Multicast static routes

Configuration of multicast protocols on physical interfaces such as Ethernet and POS

interfaces, and Trunk interfaces.

Filtering of routes based on the routing policy when the multicast routing module

receives, imports, or advertises multicast routes and filtering and forwarding of multicast

packets based on the routing policy when IP multicast packets are forwarded

Multicast VPN

The multicast domain (MD) scheme is used to implement integrated processing.

Addition and deletion of dummy entries


ServiceRouter




25

Query of PIM neighbors and number of control messages

Filtering of PIM neighbors, control of the forwarding boundary, and control of the BSR

service and management boundary

Filtering and suppression of PIM Register messages

MSDP authentication

IGMP packet rate limiting and IGMP proxy

Prompt leave of IGMP and MLD group members and the use of group-policies to restrict

the setup of forwarding entries

Configuration of ACLs, including source address-based packet filtering, control of

multicast group number, setup of multicast forwarding entries, and Switch-MDT

switching, to ensure multicast security

Multicast group-based, multicast source-based, multicast source/group-based,

stable-preferred, and balance-preferred load splitting

IGMP snooping

The NE40E supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ

interfaces, STP topologies, RRPP rings, and VPLS PWs.

Multicast flow control

The NE40E discards or broadcasts unknown multicast packets in the VLAN to which the

receiving interface belongs. Unknown multicast packets are packets that have no

corresponding forwarding entries in the multicast forwarding table.

In addition, the NE40E restricts the maximum percentage of multicast flows on Ethernet

interfaces to control multicast traffic.

VSI-based IGMP CPCAR

Distributed multicast

Maximum delay of less than 4 ms for multicast fast join and fast leave

Multicast VLAN

The NE40E supports multicast VLAN and VLAN-based 1+1 protection of multicast

traffic.

Multicast VPN

For details, see section "7.5 VPN Features".

Multicast CAC

The NE40E supports multicast Call Admission Control (CAC). When multicast CAC

rules are configured, the number of multicast groups and bandwidth are restricted for

IGMP snooping on interfaces or the entire system.

7.4 MPLS

The NE40E supports MPLS features, and static and dynamic LSPs. Static LSPs require that

the administrator configure the Label Switch Routers (LSRs) along the LSPs and set up LSPs

manually. Dynamic LSPs are set up dynamically in accordance with the routing information

through the Label Distribution Protocol (LDP) and RSVP-TE.

The delay for MPLS packets can be controlled in the following aspects:

In the case that there is no traffic congestion, the NE40E adopts a high-speed processor

to ensure line-rate forwarding and low delay.


ServiceRouter




26

In the case of traffic congestion, the NE40E ensures preferential forwarding and low

delay for traffic with high priority through mechanisms such as QoS, HQoS, MPLS TE,

and DS-TE.

MPLS is supported on all interfaces of the NE40E.

Basic MPLS Functions

The NE40E supports the following MPLS functions:

Basic MPLS functions, service forwarding, and LDP

MPLS distributes labels, sets up LSPs, and transfers parameters used for setting up LSPs.

A maximum of four MPLS labels

LDP

− Downstream Unsolicited (DU) and Downstream on Demand (DoD) label

advertisement modes

− Independent and ordered label distribution control modes

− Liberal and conservative label retention modes

− Loop detection mechanism by using the maximum number of hops and path vector

− Basic discovery mechanism and extended discovery mechanism of LDP sessions

MPLS ping and tracert and detection of the availability of an LSP through the exchange

of MPLS Echo Request packets and MPLS Echo Reply packets

LSP bandwidth alarm function and LSP-based traffic statistics function that is used to

calculate bandwidth usage

Configuration of 32-channel or 64-channel load balancing (on the ingress and transit

nodes) that is controlled by the PAF file, with 64-channel load balancing applicable to IP

forwarding, IP packet forwarding over LDP LSPs (including L3VPN), and packet

forwarding on P nodes

Management functions such as the LSP loop detection mechanism

MPLS QoS, mapping from the ToS field in IP packets to the EXP field in MPLS packets,

and MPLS uniform, pipe, and short pipe modes

Static configuration of LSPs and label forwarding based on traffic classification

MPLS trap function

Modification of MPLS MTUs

MPLS LDP over GRE

Association between LDP and IGP, which shortens traffic loss to the minimum through

the synchronization between the LDP status and IGP status in case of network faults

NE40E functioning as a Label Edge Router (LER) or an LSR

An LER is an edge device on an MPLS network that connects the MPLS network to

other networks. The LER classifies services, distributes labels, encapsulates or removes

multi-layer labels. When functioning as an egress, the NE40E supports PHP. That is, the

NE40E allocates an explicit null label or an implicit null label to the penultimate hop.

An LSR is a core router on an MPLS network. The LSR switches and distributes labels.

Establishment of LSPs between NE40Es of different IS-IS levels and between the

NE40E and non-Huawei devices through LDP

MPLS supported by the NE40E complies with the following standards:

− RFC 3031


ServiceRouter




27

− RFC 3032

− RFC 3034

− RFC 3035

− RFC 3036

− RFC 3037

The NE40E supports CR-LDP and RSVP-TE and can interoperate with non-Huawei

devices through CR-LDP or RSVP-TE.

MPLS TE

The MPLS TE technology combines the MPLS technology with traffic engineering. It can

reserve resources by setting up LSP tunnels for a specified path in an attempt to avoid

network congestion and balance network traffic.

In the case of resource scarcity, MPLS TE allows the preemption of bandwidth resources of

LSPs with low priorities. This meets the demands of important services or the LSPs with large

bandwidth. When an LSP fails or a node is congested, MPLS TE can ensure smooth network

communication through the backup path and the fast reroute (FRR) function. Through

automatic re-optimization and bandwidth adjustment, MPLS TE improves the self-adaptation

capability of tunnels and properly allocates network resources.

The process of updating the network topology through the TEDB is as follows: When a link

goes Down, the CSPF failed link timer is enabled. If the IGP route is deleted or the link is

changed within the timeout period of the CSPF failed link timer, CSPF deletes the timer and

then updates the TEDB. If the IGP route is not deleted or the link is not changed after the

timeout period of the CSPF failed link timer expires, the link is considered Up.

MPLS TE provides the following functions:

Processing of static LSPs

MPLS can create and delete static LSPs, which require bandwidth but are manually

configured.

Processing of Constrained Route-Label Switched Path (CR-LSP) of various types and

route calculation through the CSPF algorithm

CR-LSPs are classified into the following types:

RSVP-TE

RSVP authentication complies with RFC 3097.

Auto routing

Auto routing works in either of the following modes:

− IGP shortcut: An LSP is not advertised to neighboring routers. Therefore, other

routers cannot use the LSP.

− Forwarding adjacency: An LSP is advertised to neighboring routers. Therefore, other

routers can use the LSP.

Fast reroute (FRR)

The switchover through FRR is within 50 ms, which minimizes the data loss when

network faults occur.

Auto FRR

Auto FRR is an extension to MPLS TE FRR. You can create a bypass tunnel that meets

the requirement on the LSP by configuring the attributes of the bypass tunnel, global auto FRR, and auto FRR on the interface of the primary tunnel. With the change of the


ServiceRouter




28

primary tunnel, the previous bypass tunnel is deleted automatically. Then, a new bypass

tunnel that meets the requirement is set up.

Backup CR-LSP

The NE40E supports the following backup modes:

− Hot backup

A backup CR-LSP is established immediately after the primary CR-LSP is

established. When the primary CR-LSP fails, MPLS TE switches traffic immediately

to the backup CR-LSP.

− Ordinary backup

A backup CR-LSP is set up when the primary CR-LSP fails.

LDP over TE

In existing networks, not all devices support MPLS TE. It is possible that only the

devices at the network core support TE and the devices at the network edge use LDP.

The application of LDP over TE is therefore put forward. With LDP over TE, the TE

tunnel is considered as a hop of the entire LDP LSP. Through forwarding adjacency, one

MPLE TE tunnel can be considered as a virtual link and advertised to an IGP network.

Make-before-break

Make-before-break is a technology for ensuring highly reliable CR-LSP switchover. The

original path is not deleted until a new path has been created. Before a new CR-LSP is

created, the original CR-LSP is not deleted. After a new CR-LSP has been created, the

traffic is switched to the new CR-LSP first, and then the original CR-LSP is deleted. This

ensures non-stop traffic forwarding.

DS-TE

DS-TE implemented on the NE40E supports the Non-IETF mode and the IETF mode.

− The Non-IETF (non-standard) mode supports two CTs (CT0 and CT1), eight

priorities (0-7), and two bandwidth constraint models (RDM and MAM).

The CT here refers to the class type of a corresponding service flow. The priority here

refers to the LSP preemption priority.

− The IETF (standard) mode supports eight CTs (CT0 through CT7), eight priorities

(0-7), and three bandwidth constraint models (RDM, MAM, and Extended).

DS-TE supports TE FRR, hot standby, protection switchover, and CT-based traffic

statistics collection.

MPLS OAM

MPLS OAM functions are as follows:

MPLS OAM detection

MPLS OAM sends CV/FFD and BDI packets along an LSP to be detected and its reverse

LSP to detect its connectivity.

OAM auto protocol

Protection switching


ServiceRouter




29

7.5 VPN Features

7.5.1 Tunnel Policy

Tunnel policies are used to select tunnels according to destination IP addresses. Tunnels are

selected according to tunnel policies as required. If no tunnel policy is created, the tunnel

management module searches for a tunnel according to the default tunnel policy.

The NE40E supports the following tunnel policies:

Tunnel policy in select-sequence mode

In this mode, you need to specify the sequence in which the tunnel types are selected and

the number of tunnels carrying out load balancing. If a tunnel listed earlier is Up, it is

selected regardless of whether other services have selected it. The tunnels listed later are

not selected except in case of load balancing or when the preceding tunnels are all Down.

VPN tunnel binding

VPN tunnel binding means that the peer end of the VPN on the PE of the VPN backbone

network is associated with a certain MPLS TE tunnel. The data from the VPN to the peer

PE is transmitted through the dedicated TE tunnel. The bound TE tunnel carries only

specified VPN services. This ensures QoS of the specified VPN services.

7.5.2 VPN Tunnel

The NE40E supports the following types of VPN tunnels:

LSPs

TE tunnels

7.5.3 MPLS L2VPN

The NE40E provides L2VPN services over an MPLS network where the ISP can provide

L2VPNs over different media.

VLL

The NE40E supports the following VLL functions:

Martini VLL

The Martini mode supports double labels. The inner label adopts extended LDP for

signaling in compliance with RFC 4096.

The type of VC FEC is 128. VC encapsulation types include 0x0004 Ethernet Tagged

Mode, 0x0005 Ethernet, and 0x000B IP Layer2 Transport.

Kompella VLL

VC encapsulation types of Kompella VLL include ATM-1to1-VCC, ATM-1to1-VPC,

ATM-AAL5-SDU, ATM-nto1-VCC, ATM-nto1-VPC, ATM-trans-cell, Ethernet, PPP,

VLAN, and IP-interworking.

Kompella VLL supports the local inter-board switching of packets in 802.1Q mode.

Kompella VLL supports inter-AS VPN.

CCC VLL

CCC VLL supports the local inter-board switching of packets in 802.1Q mode

SVC VLL


ServiceRouter




30

VLL heterogeneous interworking

VLL heterogeneous IP-interworking is used when the link types of CEs on both ends of

an L2VPN link are different. In MPLS L2VPN heterogeneous IP-interworking, after

receiving a frame from a CE, a PE decapsulates the link-layer packet and transmits the IP

packet across an MPLS network. The IP packet is transparently transmitted to the peer

PE. The peer PE re-encapsulates IP packet according to its link layer protocol and

transmits the packet to the connected CE. The link-layer control packet sent by the CE is

processed by the PE and is not transmitted through the MPLS network. All non-IP

packets such as MPLS and IPX packets are discarded.

Transparent transmission of certain types of link layer protocol packets

Interfaces can be configured to transparently transmit certain types of link layer protocol

packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and

HGMP packets.

Inter-AS VLL

− SVC VLL, Martini VLL, and Kompella VLL can implement inter-AS L2VPN Option

A (VRF-to-VRF).

− Option B requires the switching of both inner and outer labels on the ASBR, and is

therefore not suitable for the VLL.

− Option C is the best solution.

VLL over TE ECMP

VPLS

In a VPLS network, PEs can be all connected to each other and enabled with split horizon to

prevent Layer 2 loops.

The implementations of VPLS control plane through BGP and LDP are called Kompella

VPLS and Martini VPLS respectively.

Kompella VPLS

Kompella VPLS has good scalability. With Kompella VPLS, BGP is adopted for

signaling, and VPN targets are configured to implement automatic discovery of VPLS

members. Therefore, the addition or deletion of PEs requires few additional operations.

Martini VPLS

Martini VPLS has poor scalability. With Martini VPLS, LDP is adopted for signaling,

and the peers of a PE need to be manually specified. PEs in a VPLS network are all

connected to each other. Therefore, adding a new PE requires configurations on all the

other associated PEs to be modified.A pseudo wire (PW) is actually a point-to-point link.

This means that using LDP to create, maintain, and delete the PW is more effective.

The NE40E supports the following VPLS functions:

Access to the VPLS network in QinQ mode

HVPLS

IGMP snooping for VPLS

One MAC address space for each VSI

VPLS learns MAC addresses in the following modes:

− Unqualified mode: In this mode, a VSI can contain multiple VLANs sharing a MAC

address space and a broadcast domain. When learning MAC addresses, VPLS also

needs to learn VLAN IDs.


ServiceRouter




31

− Qualified mode: In this mode, a VSI has only one VLAN, which has an independent

MAC address space and a broadcast domain. When learning MAC addresses, VPLS

does not need to learn VLAN IDs.

VPLS/HVPLS equal-cost load balancing

Fast switching of multicast traffic

mVPLS

STP over PW

STP over VPLS

Transparent transmission of certain types of link layer protocol packets

Interfaces can be configured to transparently transmit certain types of link layer protocol

packets, such as BPDUs, STP packets, LLDP packets, UDLD packets, CDP packets, and

HGMP packets.

Ethernet loop detection

PBB over VPLS

PBB VPLS interworking

The NE40E supports MP2MP PBB over VPLS to implement intercommunication

between VPLS and PBB networks.

PWE3

The NE40E supports the following PWE3 functions:

Virtual Circuit Connectivity Verification PING (VCCV-PING)

The NE40E supports the manual LDP PW connectivity detection on the UPE, including

the connectivity of static PWs, dynamic PWs, SS-PWs, and MS-PWs.

VCCV Ping over a static MS-PW

PW template

The NE40E supports the binding between a PW and a PW template, and the reset of

PWs.

The NE40E supports heterogeneous interworking.

Currently, the NE40E supports the transparent transmission of the following packets

through PWE3: ATM AAL5 SDU VCC transport, Ethernet, ATM n-to-one VCC cell

transport, IP Layer 2 transport, and ATM one-to-one VCC cell mode.

PW redundancy

The NE40E supports the circuit emulation service (CES) by using Pseudo-Wire

Emulation Edge to Edge (PWE3).

The CES is classified into the Structure-aware TDM Circuit Emulation Service over

Packet Switched Network (CESoPSN) and Structure-Agnostic TDM over Packet (SAToP)

service.

7.5.4 BGP/MPLS L3VPN

The NE40E supports MPLS/BGP L3VPN, providing an end-to-end VPN solution for carriers.

Carriers can provide VPN services for users as a new value-added service. The NE40E

supports the following BGP/MPLS L3VPN functions:

Access of a CE to an L3VPN through Layer 3 interfaces such as Ethernet, POS, and

VLANIF interfaces

Static routes, BGP, RIP, OSPF, or IS-IS running between a CE and a PE


ServiceRouter




32

Carrier's carrier

Inter-AS VPN

The NE40E supports the following inter-AS VPN solutions described in RFC 2547bis:

− VPN instance to VPN instance, also called Inter-Provider Backbones Option A

In Option A, sub-interfaces connecting the Autonomous System Boundary Routers

(ASBRs) manage VPN routes.

− EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider

Backbones Option B

In Option B, ASBRs advertise labeled VPN-IPv4 routes to each other through

MP-EBGP.

− Multihop EBGP redistribution of labeled VPN-IPv4 routes, also called Inter-Provider

Backbones Option C

In Option C, PEs advertise labeled VPN-IPv4 routes to each other through Multihop

MP-EBGP.

Multicast VPN

IPv6 VPN

The NE40E supports the following IPv6 VPN networking solutions:

− Intranet VPN

− Extranet VPN

− Hub&Spoke

− Inter-AS or multi-AS backbones VPN

− Carriers' carrier

HoVPN

Resource reservation VPN (RRVPN)

Multi-role host

7.6 QoS

On the NE40E, you can collect traffic statistics on the packets on which QoS is performed and

view the statistics result through corresponding display commands.

The NE40E supports the following QoS functions:

Diff-Serv Model

Multiple service flows can be aggregated into a Behavior Aggregate (BA) and then processed

based on the same Per-Hop Behavior (PHB). This simplifies the processing and storage of

services.

On the Diff-Serv core network, packet-specific QoS is provided. Therefore, signaling

processing is not required.

Simple Traffic Classification

Currently, the NE40E supports simple traffic classification not only on physical interfaces and

sub-interfaces but also on logical interfaces such as member interfaces of VLANIF and trunk

interfaces.


ServiceRouter




33

Complex Traffic Classification

The NE40E performs complex traffic classification based on the following information:

Layer 2 and Layer 3 information of packets

Source MAC address, destination MAC address, link layer protocol number, and 802.1p

value (of tagged packets) in the Ethernet frame header; IP precedence, DSCP, or ToS

value, source IP address prefix, destination IP address prefix, protocol number,

fragmentation flag, TCP SYN flag, TCP/UDP source port number or port range, and

TCP/UDP destination port number or port rang of IPv4 packets

Information carried in IPv6 packets

In addition to physical interfaces, traffic classification can be performed on logical

interfaces, including sub-interfaces and trunk interfaces.

Traffic Policing

CAR is mainly used for rate limit. In the implementation of CAR, a token bucket is used to

measure the data flows that pass through the interfaces on a router so that only the packets

assigned with tokens can go through the router in the specified time period. In this manner,

the rates of both incoming and outgoing traffic are controlled. In addition, the rate of certain

types of data flows can be controlled based on the information such as the IP address, port

number, and priority. Rate limit is not performed on the data flows that do not meet the

specified conditions, and such data flows are forwarded at the original interface rate.

CAR is mainly implemented at the edge of a network to ensure that core devices on the

network process data properly. The NE40E supports CAR for both incoming and outgoing

traffic.

Queue Scheduling

The NE40E supports FIFO, PQ, and WFQ for queue scheduling on interfaces.

The NE40E maps packets of different priorities to different queues and adopts Round Robin

(RR) on each interface for queue scheduling.

Priority Queues (PQs) are classified into four types: top PQs, middle PQs, normal PQs, and

bottom PQs. They are ordered in descending order of priorities. When packets leave queues,

PQ allows the packets in the top PQ to go first. Packets in the top PQ are sent as long as there

are packets in this PQ. The NE40E sends packets in the middle PQ only when all packets in

the top PQ are sent. Similarly, the NE40E sends packets in the normal PQ only when all

packets in the middle PQ are sent; the NE40E sends packets in the bottom PQ only when all

packets in the normal PQ are sent. As a result, the packets in the PQ of a higher priority are

always sent preferentially, which ensures that packets of key services are processed

preferentially when the network is congested. Packets of common services are processed

when the network is idle. In this manner, the quality of key services is guaranteed, and the

network resources are fully utilized.

Weight Fair Queuing (hereinafter referred to as WFQ) is a complex queuing process, which

ensures that the services with the same priority are fairly treated and the services with

different priorities are weighted. The number of WFQ queues can be pre-set and is allowed to

range from 16 to 4096. WFQ weights services based on their requirements for the bandwidth

and delay. The weights are determined by the IP precedence in the IP packet headers. With

WFQ, the NE40E implements dynamic traffic classification based on quintuples or ToS

values. The packets with the same quintuple (source IP address, destination IP address, source port number, destination port number, and protocol number) or ToS value belong to the same


ServiceRouter




34

flow. Packets in one flow are placed in one queue through the Hash algorithm. When flows

enter queues, WFQ automatically places different flows into different queues based on the

Hash algorithm. When flows leave queues, WFQ allocates bandwidths to flows on the

outbound interface based on different IP precedence of the flows. The smaller the precedence

value of a flow, the smaller the bandwidth of the flow. In this manner, services of the same

precedence are treated fairly; services of different precedence are treated based on their

weights.

Congestion Avoidance

Congestion avoidance is a traffic control mechanism used to avoid network overload by

adjusting network traffic. With this mechanism, the NE40E can monitor the usage of network

resources (such as queues and buffers in the memory) and discard packets when the network

congestion intensifies.

Random Early Detection (RED) or Weighted Random Early Detection (WRED) algorithms

are frequently used in congestion avoidance.

The RED algorithm sets the upper and lower limits for each queue and specifies the following

rules:

When the length of a queue is below the lower limit, no packet is discarded.

When the length of a queue exceeds the upper limit, all the incoming packets are

discarded.

When the length of a queue is between the lower and upper limits, the incoming packets

are discarded randomly. A random number is set for each received packet, and the

random number is compared with the drop probability of the current queue. The packet

is discarded when the random number is larger than the drop probability. The longer the

queue, the higher the drop probability. The drop probability, however, has an upper limit.

Unlike RED, the random number in WRED is based on the IP precedence of IP packets.

WRED keeps a lower drop probability for the packets that have a higher IP precedence.

RED and WRED employ the random packet drop policy to avoid global TCP synchronization.

The NE40E adopts WRED to implement congestion avoidance.

The NE40E supports congestion avoidance in both inbound and outbound directions of an

interface. The WRED template is applied in the outbound direction; the default scheduling

policy in the system is applied in the inbound direction. In addition, WRED can be applied to

the Multicast Tunnel interface (MTI) that is bound to the distributed multicast VPN on the

NE40E.

The NE40E supports congestion avoidance based on services. The NE40E reserves on each

interface eight service queues, that is, BE, AF1, AF2, AF3, AF4, EF, CS6, and CS7. The

NE40E colors packets with red, yellow, and green to identify the priorities of packets and

discard certain packets.

HQoS

The NE40E supports the following HQoS functions:

Provides five levels of scheduling modes to ensure diverse services.

Sets parameters such as the maximum queue length, WRED, low delay, SP/WRR, CBS,

PBS, and statistics function for each queue.

Sets parameters such as the CIR, PIR, number of queues, and algorithm for scheduling queues for each user.


ServiceRouter




35

Provides the traffic statistics function. Users can learn the bandwidth usage of services

and properly distribute the bandwidth by analyzing traffic.

Supports HQoS in the VPLS, L3VPN, VLL, and TE scenarios.

Supports interface-based, VLAN-based, user-based, and service-based HQoS.

QPPB

QPPB is the abbreviation of QoS Policy Propagation Through the Border Gateway Protocol.

The receiver of BGP routes performs the following operations:

Sets QoS parameters such as IP precedence and traffic behavior for a BGP route based

on the attributes of the route.

Classifies traffic according to QoS parameters and sets the QoS policy for the classified

traffic.

Forwards packets according to the locally configured QoS policies to propagate QoS

policies through BGP.

The receiver of BGP routes can set QoS parameters (IP precedence and associated traffic

behavior) based on the following attributes:

ACL

AS path list in routing information

Community attribute list in routing information

Metrics in routing information

IP prefix list

QoS for Ethernet Layer 2 simple traffic classification

The NE40E performs simple traffic classification according to the 802.1p field in VLAN

packets. On the ingress PE, the 802.1p priority in a Layer 2 packet is mapped to the

precedence defined by the upper layer protocol, such as the IP DSCP value or the MPLS

EXP value. In this manner, Diff-Serv is implemented for the packets on the backbone

network. On the egress PE, the precedence of the upper layer protocol is mapped back to

the 802.1p priority.

QinQ simple traffic classification

In the QinQ implementation, the 802.1p values in both inner and outer VLAN tags need

to be detected. The NE40E can detect the 802.1p value by the following means:

− Ignores the 802.1p value in the inner VLAN tag and sets a new 802.1p value in the

outer VLAN tag.

− Automatically converts the 802.1p value in the inner VLAN tag into the 802.1p value

in the outer VLAN tag.

− Sets a new 802.1p value in the outer VLAN tag according to the 802.1p value in the

inner VLAN tag.

Based on the preceding methods and the mapping of the inner VLAN tag to the outer

VLAN tag, QinQ supports 802.1p re-marking in the following modes:

− Specifying a given value.

− Adopting the 802.1p value in the inner VLAN tag.


ServiceRouter




36

− Mapping the 802.1p value in the inner VLAN tag to the 802.1p value in the outer

VLAN tag. The 802.1p values in multiple inner VLAN tags of different packets can

be mapped to the 802.1p value in one outer VLAN tag; whereas the 802.1p value in

one inner VLAN tag cannot be mapped to the 802.1p values in multiple outer VLAN

tags of different packets.

MPLS HQoS

MPLS QoS is a complete L2VPN/L3VPN QoS solution. It resorts to various QoS techniques

to meet the diversified and delicate QoS demands of VPN users. MPLS QoS provides relative

QoS on the MPLS Diff-Serv network and end-to-end QoS on the MPLE TE network. In

actual applications, the following QoS policies are supported.

QPPB applied to an L3VPN

MPLS Diff-Serv applied to an L2VPN/L3VPN

MPLS TE applied to an L2VPN/L3VPN

MPLS DS-TE applied to an L2VPN/L3VPN

VPN-based QoS applied to the network side of an L2VPN/L3VPN

7.7 Load Balancing

In a scenario where there are multiple equal-cost routes to the same destination, the NE40E

can balance traffic among these routes. The NE40E provides equal-cost load balancing and

unequal-cost load balancing, which can be selected as required. In equal-cost load balancing

mode, traffic is evenly load-balanced among different routes. In unequal-cost load balancing

mode, traffic is load-balanced among different routes based on the proportion of bandwidth of

each interface.

Equal-Cost Load Balancing

The NE40E can implement equal-cost load balancing on the traffic transmitted through the

member links of an IP-Trunk or an Eth-Trunk. When there are multiple equal-cost routes to

the same destination, the NE40E can evenly balance traffic among these routes.

Load balancing can be implemented in session-by-session mode.

Unequal-Cost Load Balancing

The NE40E supports the following unequal-cost load balancing modes:

Load balancing based on routes

When the costs of different direct routes are the same, you can configure a weight for

each route for load balancing.

Load balancing based on interfaces

For an IP-Trunk or an Eth-Trunk, you can configure a weight for each member link for

load balancing.

Load balancing based on link bandwidth for IGP

In this mode, unequal-cost session-by-session load balancing is performed on the

outbound interfaces of paths carrying out load balancing. The proportion of traffic

transmitted along each path is approximate to or equal to the proportion of bandwidth of

each link. This mode fully considers the link bandwidth. In this manner, the case that


ServiceRouter




37

links with low bandwidth are overloaded whereas links with high bandwidth are idle

does not exist.

The NE40E can balance traffic between physical interfaces or between physical interfaces and

logical interfaces. In addition, the NE40E can detect the changes of logical interface

bandwidth due to manual configuration of new member links or the status changes of member

links. When the bandwidth of a logical interface changes, traffic is automatically

load-balanced based on the new bandwidth proportion.

7.8 Traffic Statistics

The NE40E collects the statistics on access services for various users with multiple statistic

functions. The traffic statistics functions are as follows:

The traffic statistics functions are as follows:

Helps carriers analyze the traffic model of the network.

Provides reference data for carriers to deploy and maintain Diff-Serv TE.

Supports traffic-based accounting for non-monthly rental users.

URPF Traffic Statistics

The NE40E collects statistics on the forwarded traffic based on URPF and the traffic

discarded during the URPF check.

ACL Traffic Statistics

The NE40E supports the ACL traffic statistics function. When the created ACLs are applied to

QoS and PBR, the NE40E can collect statistics based on ACLs after the ACL traffic statistics

function is enabled. The NE40E also provides commands to query the number of matched

packets and bytes.

CAR Traffic Statistics

The NE40E provides diverse QoS functions such as traffic classification, traffic policing

(CAR), and queue scheduling. For these specific functions, the NE40E provides the following

QoS traffic statistics functions:

In traffic classification, the system can collect statistics on the traffic that matches rules

and fails to match rules.

The traffic statistics function for traffic policing is implemented in the following

manners:

− Collects the statistics on the total traffic that matches the CAR rule.

− Collects the statistics on the traffic that is permitted or discarded by the CAR rule.

− Supports the interface-based traffic statistics.

− Supports interface-based CAR traffic statistics when the same traffic policy is applied

to different interfaces.

HQoS Traffic Statistics

The NE40E can collect the following HQoS traffic statistics:


ServiceRouter




38

Statistics on the number of forwarding packets, bytes, and discarded packets of a user

queue which includes eight flow queues of different priorities

Statistics on the number of forwarded packets, bytes, and discarded packets of a user

group queue

Statistics on the number of forwarded packets, bytes, and discarded packets of eight

queues of different priorities on an interface

Interface-Based Traffic Statistics

Traffic statistics can be collected on all interfaces, including physical interfaces,

sub-interfaces, loopback interfaces, null interfaces, logical channel interfaces, and virtual

Ethernet interfaces.

Statistics on IPv4 and IPv6 packets, including unicast packets, multicast packets, and

broadcast packets, can also be collected.

Statistics on all protocol packets that are supported can be collected, such as MPLS packets,

ARP packets, IGP packets, BGP packets, PIM packets, and DHCP packets.

The NE40E uses the 64-bit register to store the interface-based traffic statistics. For example,

the register can store the traffic statistics on a 10G interface for 58.5 years.

VPN Traffic Statistics

On a VPLS network, the NE40E, functioning as a PE, can collect statistics on incoming and

outgoing traffic of L2VPN users that are connected to the NE40E.

On an L3VPN, the NE40E, functioning as a PE, can collect statistics on incoming and

outgoing traffic of various types of access users. The access users include:

Users that access the network through interfaces including logical interfaces

Multi-role hosts

Users that access the network through the VPLS/VLL

When MPLS HQoS services are configured, the NE40E, functioning as an ingress PE,

can collect statistics on the traffic that is sent by the network side.

Traffic Statistics on TE Tunnels

The NE40E, functioning as a PE on an MPLS TE network, can collect statistics on incoming

and outgoing traffic of a tunnel. When a VPN is statically bound to a TE tunnel, the NE40E

can collect statistics on traffic of each RRVPN over the TE tunnel and the total traffic over the

TE tunnel.

Statistics can be collected on traffic of each CT on a DS-TE tunnel.

7.9 IP RAN Features

PNP

Plug-and-Play (PNP) enables new devices to be automatically identified by the NMS and be

commissioned remotely by using the NMS.


ServiceRouter




39

On an IP RAN network deployed with a large number of devices, the device deployment costs,

especially the costs of on-site software commissioning, are high. This greatly harms the

growth of profits. To address this issue, Huawei puts forward the PNP solution.

The PNP feature effectively reduces the on-site software commissioning time, frees engineers

from working in bad outdoor environments, and greatly speeds up the project process and

improves project quality.

Y.1731

Y.1731 supports the following functions:

Single-ended frame loss statistics collection, two-ended frame loss statistics collection,

one-way frame delay, two-way frame delay and one-way jitter

MPLS TP OAM

MPLS TP OAM supports the following functions:

Basic connectivity detection

LoopBack (LB)

Link Trace (LT)

Remote Defect Indication (RDI)

AIS

Single-ended frame loss statistics collection and two-ended frame loss statistics

collection

One-way frame delay and two-way frame delay

7.10 Network Reliability

NSR

NE40Esupports the following techniques of Non-Stop Routing (NSR).

NSR OSPF

NSR LDP

NSR RSVP-TE

NSR PIM

NSR PPP

NSR ARP

NSR LACP

NSR for L2VPN

NSR for L3VPN

ISIS/ISIS6 NSR

BGP/BGP4+ NSR

Multicast (PIM/MSDP) NSR

NSR for IPv6


ServiceRouter




40

APS

The NE40E supports the following Automatic Protection Switching (APS) functions:

1+1 unidirectional mode and 1:1 bidirectional mode

Manual switching of APS groups

Forcible switching of APS groups

Locking of traffic on the working link of an APS group

Interface-based APS

Intra-LPU or inter-LPU APS

Inter-device APS, that is, Enhanced APS (E-APS)

Addition of the working and protect interfaces of an APS group to a trunk so that all

services are configured on the trunk

FRR

The NE40E provides multiple fast reroute (FRR) features. You can deploy FRR as required to

improve network reliability.

IP FRR

FRR switching can be complete in 50 ms. In this manner, the data loss caused by

network failures is minimized to a great extend.

FRR supported by the NE40E enables the system to monitor and save the status of LPUs

and interfaces in real time and to check the status of interfaces during packet forwarding.

When faults occur on an interface, the system can rapidly switch the traffic to another

pre-set route, thus reducing time between failures and the packet loss ratio.

LDP FRR

LDP FRR switching can be complete in 50 ms.

TE FRR

TE FRR is an MPLS TE technology used to protect local networks. Only the interfaces

with a transmission rate of over 100 Mbit/s support TE FRR. TE FRR switching can be

complete within 50 ms. It can minimize data loss when network failures occur.

TE FRR protects traffic only temporarily. When the protected LSP becomes normal or a

new LSP is established, traffic is switched back to the original protected LSP or the

newly established LSP.

When a link or a node on the LSP fails, traffic is switched to the protection link and the

ingress node of the LSP attempts to establish a new LSP, if an LSP is configured with TE

FRR.

With different protected objects, TE FRR is classified into the following types:

− Link protection

− Node protection

Auto FRR

Auto FRR is an extension of MPLS TE FRR. It automatically creates a bypass tunnel

that meets the requirements for the LSP through the configuration of the attributes of the

bypass tunnel, global auto FRR attributes, and interface-based auto FRR attributes on the

interface of the primary tunnel. When the primary tunnel changes to another path, the

previous bypass tunnel is automatically deleted. Then, a bypass tunnel that meets the

requirements is set up.

VLL FRR


ServiceRouter




41

VLL FRR switching can be complete in 50 ms.

VPN FRR

VPN FRR switching can be complete in 50 ms.

Backup of Key Parts

The NE40E can be equipped with one MPU or two MPUs. The MPUs support hot backup. If

the device is configured with two MPUs, the master MPU works and the slave MPU is in the

standby state. The management network interface on the slave MPU cannot be accessed by

users, and the console and AUX interfaces cannot be configured with any command. The

slave MPU exchanges information (including heartbeat messages and backup data) with only

the master MPU.

The system supports two types of master/slave switchover of MPUs: failover and switchover.

The failover is triggered by serious faults in the master MPU or the reset of the master MPU.

The switchover is triggered by commands that are run on the console interface. You can also

forbid the master/slave switchover of the MPUs by using commands on the console interface.

The system generates alarms, records the faults in the log file, and reports the alarms to the

NMS. The cause of the master/slave switchover and the associated operations are recorded in

the system diagnosis information base for users to analyze.

The system provides two clock boards in master/slave backup mode. If the system detects that

the master clock board becomes faulty or is reset through a command, the system

automatically performs the master/slave switchover of clock boards. The master/slave

switchover of clock boards does not result in phase offsets or interrupt services.

The master/slave switchover time of each key part is less than 100 us.

High Reliability of LPUs

The NE40E supports backup of key service interfaces of the same type through protocols.

Supports VRRP on Ethernet interfaces. With extended VRRP, two interfaces located on a

same NE40E or two NE40Es can back up each other. This ensures high reliability of the

interfaces.

Supports backup of Eth-Trunk member interfaces, or backup of Eth-Trunk or IP-Trunk

member interfaces and non-member interfaces.

Supports the bundling of interfaces on different LPUs into a trunk.

You can access different LPUs through double links and bundle interfaces on different

LPUs into a trunk to ensure high reliability of services.

Inter-LPU bundling is implemented by high-performance hardware engines, thus

ensuring load balancing of packets among different links.

The Hash algorithm based on the combination of the source and destination IP addresses

load-balances traffic evenly on links.

Seamless switchover is implemented in the case of a link failure so that services are

forwarded without interruption.

Through extended protocols, the NE40E backs up key service interfaces. In this manner, core

routers can monitor and back up the running status of interfaces when they carry LAN, MAN,

or WAN services. Therefore, the routing table is not affected when the status of the backup

interface needs to be changed and services recover rapidly.


ServiceRouter




42

Transmission Alarm Suppression

Transmission alarm suppression can efficiently filter and suppress alarm signals. This

prevents interfaces from frequently flapping. In addition, transmission alarm customization

enables the control over the impact brought by alarms on the interface status.

Transmission alarm customization and suppression implement the following functions:

Customizes alarms. This can specify the alarms that can cause the change of the interface

status.

Suppresses alarms. This can filter out the burr and prevent the network from frequently

flapping.

Dual-System Hot Backup

The NE40E supports the following dual-system hot backup functions:

1+1 or 1:1 hot backup of ARP traffic

Ethernet OAM Fault Management

Ethernet OAM fault management includes the following functions:

Ethernet in the First Mile OAM (EFM OAM)

Conforming to IEEE 802.3ah, the NE40E supports point-to-point Ethernet fault

management to detect faults in the last mile of the direct link on the user side of the

Ethernet. Currently, the NE40E supports OAM discovery, link monitoring, remote fault

notification, and remote loopback, as defined in IEEE 802.3ah.

Connectivity Fault Management OAM (CFM OAM)

The following describes end-to-end Ethernet fault management in two aspects.

− Hierarchical MD

Each MD has a level that ranges from 0 to 7. The greater the value, the higher the

level. The 802.1ag packets from a low-level MD are discarded when entering a

high-level MD. The 802.1ag packets from a high-level MD can be transmitted

through a low-level MD.

− End-to-end fault detection and location

The NE40E realizes end-to-end Ethernet fault management by conforming to IEEE

802.1ag or not.

The NE40E supports MAC ping and MAC trace by transmitting Loop Back (LB) and

Link Trace (LT) messages defined in IEEE 802.1ag to locate faults.

Fault detection and location not conforming to IEEE 802.1ag include general MAC

ping and general MAC trace.

Ethernet OAM Performance Management

Conforming to ITU-T Y.1731, the NE40E supports Ethernet OAM performance management

by inserting the timestamp into 802.1ag LB messages to measure the delay, jitter, and packet

loss ratio when the messages are transmitted. In this manner, the NE40E can detect the

end-to-end performance of traffic in a specified time period and on a specified network

segment. The NE40E can measure performance parameters at scheduled time and output

report containing the network management information.


ServiceRouter




43

By using performance management tools, the ISP can monitor the network status in real time

through the NMS. The ISP then check whether the forwarding capacity of the network

complies with the Service Level Agreement (SLA) signed with users and locate faults. The

ISP does not need to carry out detection on the user side, which greatly decreases maintenance

costs.

VRRP

VRRP dynamically associates the virtual router with a physical router that carries services.

When the physical router fails, another router is elected to take over services. Failover is

transparent to users and thus the internal network and the external network can communicate

without interruption.

The NE40E supports the following VRRP functions:

mVRRP

VGMP

E-VRRP

VRRP For IPv6

GR

Graceful Restart (GR) is a key technology in implementing HA. It is designed based on NSF.

GR switchover and subsequent restart can be performed by the administrator or triggered by

faults. GR neither deletes the routing information from the routing table or the FIB nor resets

the board during the switchover when faults occur. This prevents the service interruption of

the entire system.

The NE40E supports system-level GR and protocol-level GR. Protocol-based GR includes:

BGP GR

OSPF GR

IS-IS GR

MPLS LDP GR

Martini VLL GR

Martini VPLS GR

L3VPN GR

RSVP GR

PIM GR

BFD

BFD is a detection mechanism used uniformly in an entire network. It is used to rapidly detect

and monitor the connectivity of links or IP routes in a network.

BFD sends detection packets at both ends of a bidirectional link to check the link status in

both directions. The defect detection is implemented at the millisecond level. The NE40E

supports single-hop BFD and multi-hop BFD.

BFD of the NE40E supports the following applications.

BFD for VRRP


ServiceRouter




44

The system uses BFD to detect and monitor the connectivity of links or IP routes in a

network. The rapid VRRP switchover is thus triggered.

BFD for FRR

− BFD for LDP FRR.

− LDP FRR switchover is triggered after BFD detects faults on protected interfaces.

− BFD for IP FRR and BFD for VPN FRR.

− IP FRR and VPN FRR are triggered after BFD detects faults and reports fault

information to the upper layer applications.

BFD for static routes

BFD for IS-IS

The NE40E supports detection on the IS-IS adjacency by using the BFD session that is

configured statically.

BFD detects the fault of the link between the adjacent IS-IS nodes and rapidly reports the

fault to IS-IS. Thus fast convergence of IS-IS routes is performed.

BFD for OSPF/BGP

The NE40E supports OSPF and BGP in dynamically setting up and deleting the BFD

session.

BFD for PIM

BFD detection on IP-Trunks and Eth-Trunks

On the NE40E, BFD can detect a trunk and the member links of the trunk independently.

That is, it can detect the connectivity of the trunk and that of an important member link

of the trunk.

BFD for LSP

BFD for LSP performs fast fault detection of the LSP, the TE tunnel, and the PW. In this

manner, BFD for LSP implements fast switchover of MPLS services such as VPN FRR,

TE FRR, and VLL FRR.

BFD for Dot1q sub-interface

BFD for mVSI

Multi-hop BFD

BFD For IPv6

BFD for OSPFv3, BFD for ISISv6, BFD for BGP4+, and BFDv6 for default IPv6

BFD for VPLS PW

BFD for VPLS/VLL PW

VPLS over LDP FRR/FW unicast

7.11 Clock

The NE40E supports the following clock features:

CES ACR

CES DCR

Ethernet clock synchronization

The Ethernet interfaces on the LPUF-10 and LPUF-21 of theNE40E provide Ethernet

clock synchronization so that the clock quality and stratum of the network can be

guaranteed.


ServiceRouter




45

1588v2

The 1588v2 feature:

− Supports the input and output of the externally synchronized time.

− Supports 10M/100M/1000M/10G Ethernet interfaces and auto sensing of

10M/100M/1000M Ethernet interfaces.

− Supports Eth-Trunk.

− Supports OC, BC, E2ETC, P2PTC, E2ETCOC, P2PTCOC and TCandBC.

− Allows the NE40E to function as a GrandMaster.

− Supports slave-only when functioning as an OC.

− Supports the dynamic BMC algorithm.

− Supports two delay measurement methods: Delay and PDelay

− Supports one-step mode and two-step mode in which 1588v2 packets that are used by

1588v2 devices to perform time synchronization are timestamped..

− Supports multicast MAC encapsulation (the VLAN and 802.1p priority are

configurable).

− Supports multicast UDP encapsulation (the source IP address, VLAN, and DSCP

priority are configurable).

− Supports unicast MAC encapsulation (the destination MAC, VLAN, and 802.1p

priority are configurable).

− Supports unicast UDP encapsulation (the source IP address, destination IP address,

destination MAC, VLAN, and DSCP priority are configurable).

− Uses the clock recovered through the Precision Time Protocol (PTP) as the clock

source and supports the algorithm for dynamic clock source selection (based on the

priority and clock stratum).

− Implements clock recovery that complies with G.813.

− Implements frequency recovery that meets the requirements of the SDH equipment

clock (SEC) in G.823.

1588 ACR

− Supports frequency synchronization only.

− Supports the change of selected clock sources.

− Supports unicast UDP encapsulation (and the DSCP field).

− Complies with Recommendation G.8261 in terms of service modeling and

networking and performs clock recovery with accuracy that is prescribed by G.823.

− Supports 1588v2 header overlapping without affecting forwarding capabilities.

− Supports switchover between master and slave MPUs/SRUs without affecting

services.

− Supports hot swapping of LPUs and sub-cards.

Supports clock synchronization.

The NE40E supports clock synchronization on CPOS interfaces, E1 interface, and WAN

interfaces to ensure high clock quality and stratum on the network.

Network Time Protocol (NTP) clock

The NE40E supports the following working modes of NTP:

− Server/client mode

− Peer mode

− Broadcast mode


ServiceRouter




46

− Multicast mode

The NE40E supports two NTP security mechanisms:

− Access authority

The NE40E provides four levels of access control. After receiving an NTP access

request packet, the NE40E matches it from the lowest access control level to the

highest access control level. The first successfully matched access control level takes

effect. The matching order is as follows:

peer: indicates the minimum access control. The remote end can send a time request

and a control query to the local end. The local clock can also be synchronized with

the clock of the remote server.

server: indicates that the remote end can send a time request and a control query to

the local end. The local clock, however, is not synchronized with the clock of the

remote server.

synchronization: indicates that the remote end can only send a time request to the

local end.

query: indicates the maximum access control. The remote end can only send a control

query to the local end.

Authentication

When configuring NTP authentication, note the following rules:

The NTP authentication must be configured on both the client and the server; otherwise,

the authentication does not take effect. If NTP authentication is enabled, keys must be

configured and declared reliable.

The server and the client must be configured with the same key.

Internal clock

The NE40E provides an internal clock and can extract clock information from LPUs.

The clock precision reaches 4.6 ppm, that is, 0.00002s.

Extended SSM

The NE40E supports the following functions:

− Sending and receiving of SSM information carrying Clock IDs

− Clock ID configuration for a clock source

− Clock source selection based on extended SSM


ServiceRouter

Product Description 8 Security Features



47

8 Security Features

Security Authentication

The NE40E supports the following security authentication functions:

AAA

Plain text authentication and MD5 encrypted text authentication supported by routing

protocols that include RIPv2, OSPF, IS-IS, and BGP

MD5 encrypted text authentication supported by LDP and RSVP

SNMPv3 encryption and authentication

URPF

The NE40E supports URPF for IPv4/IPv6 traffic.

MAC Address Limit

The NE40E supports the following MAC address limit functions:

Limit on the number of MAC addresses that can be learned

Limit on the speed of MAC address learning

Limit on interface-based MAC address learning

Limit on PW-based MAC address learning

Limit on VLAN+interface-based MAC address learning

Limit on interface+VSI-based MAC address learning

Limit on QinQ-based MAC address learning

MAC entries in a MAC address table are classified into three types:

Dynamic entries

Dynamic entries are learnt by interfaces and stored in hardware of LPUs. Dynamic

entries age. Dynamic entries will be lost in the case of the system reset, LPU hot swap,

or LPU reset.

Static entries

Static entries are configured by users and delivered to LPUs. Static entries do not age.

After static entries are configured and saved, they are not lost in the case of the system

reset, LPU hot swap, or LPU reset.


ServiceRouter




48

Blackhole entries

Blackhole entries are used to filter out the data frames that contain specific destination

MAC addresses. Blackhole entries are configured by users and delivered to LPUs.

Blackhole entries do not age. After blackhole entries are configured and saved, they will

not be lost in the case of the system reset, LPU hot swap, or LPU reset.

MAC Entry Deletion

The NE40E provides the following MAC entry deletion functions:

Interface+VSI-based MAC entry deletion

Interface+VLAN-based MAC entry deletion

Trunk-based MAC entry deletion

Outbound QinQ interface-based MAC entry deletion

Unknown Traffic Limit

With the unknown traffic limit, the NE40E implements the following operations on a VPLS or

Layer 2 network:

Manages user traffic.

Boards that are not LPUI-41s or LPUF-100s manage only the traffic of VSI and VLAN

users.

Allocates bandwidth to users.

In this manner, the network bandwidth is reasonably used and the network security is

guaranteed.

IGMP Snooping

The NE40E supports IGMP snooping on Layer 2 interfaces, Layer 3 interfaces, QinQ

interfaces, STP topologies, RRPP rings, and VPLS PWs.

DHCP Snooping

DHCP snooping is mainly used to prevent DHCP Denial of Service (DoS) attacks, bogus

DHCP server attacks, ARP middleman attacks, and IP/MAC spoofing attacks when DHCP is

enabled on the NE40E.

The working mode of DHCP snooping varies with the attack type, as shown in Table 8-1.

Table 8-1 Attack types and DHCP snooping working modes

Attack Type DHCP Snooping Anti-Attack Working Mode

DHCP exhaustion attack MAC address limit

Bogus DHCP server attack Trusted/untrusted

Middleman attack and IP/MAC spoofing

attack

DHCP snooping binding table

DoS attack by changing the value of the

Client Hardware Address (CHADDR)

Check on the CHADDR field in DHCP


ServiceRouter




49

Attack Type DHCP Snooping Anti-Attack Working Mode

field packets

Local Attack Defense

The NE40E provides a uniform local attack defense module to manage and maintain the

attack defense policies of the whole system, thus offering an all-around attack defense

solution that is operable and maintainable to users.

The NE40E supports the following attack defense functions:

Whitelist

A whitelist refers to a group of valid users or users with high priorities. By configuring

the whitelist, you can enable the system to protect existing services or user services with

high priorities.

Blacklist

A blacklist refers to a group of invalid users. You can define a blacklist through ACLs.

The users confirmed as attackers are added to the blacklist. Then, packets that match the

blacklist are discarded or sent to the CPU with a lower priority.

CPU Total CAR

Central Processing-Committed Access Rate (CP-CAR) is used to set the rate of sending

the classified packets to the CPU. You can set the average rate, the committed burst size

(CBS), and the priority for each type of packets.

User-defined flow

User-defined flows refer to that a user defines the ACL rule to defend against attacks.

Active link protection (ALP)

The NE40E protects the TCP-based application-layer data such as session data with the

whitelist function.

Uniform configuration of CAR parameters

The NE40E provides the following methods of configuring CAR parameters:

− Same CAR parameters configured on different LPUs

− Same configuration interface for users

− Configuration of protocol-specific CAR parameters, making the user interface more

friendly

Smallest packet compensation

The NE40E can efficiently defend the network against the attacks of small packets with

the smallest packet compensation function. After receiving packets, the system checks

the lengths of packets before sending them to the CPU.

− If the packet length is smaller than the preset minimum packet length, the system

calculates the sending rate with the pre-set minimum length.

− If the packet length is greater than the pre-set minimum packet length, the system

calculates the sending rate with the actual packet length.

Association between the application layer and lower layers

Application layer association is implemented by associating the enabled and disabled status of control protocols and the status of the forwarding engine on the lower layer.


ServiceRouter




50

Local URPF

If the route is a local route, the packets must pass URPF check before being sent to the

CPU.

Management and service plane protection

The function is to control protocol packets again at the control layer. Through three-level

policies (interface-level, board-based, and global), management and control plane

protection can flexibly specify the type of protocol packet that can be transmitted an

interface of a device.

Defense against TCP/IP packet attacks

The NE40E provides defense measures against attacks by sending the following types of

packets on TCP/IP networks:

− Malformed packets

Null IGMP packets, packets with invalid TCP flag bits, LAND attack packets, IP

packets whose payloads are null, and smurf attack packets.

− Fragmented packets

Packets with a huge number of fragments or packets that have a large offset value,

repetitive fragmented packets, tear Drop, syndrop, nesta, fawx, bonk, NewTear, Rose,

ping of death, and Jolt attacks

− TCP SYN packet rate limited

− UDP flood attack defense

Attack source tracing

When the NE40E is attacked, it obtains and stores suspicious packets, and then displays

the packets in a certain form through command lines or offline tools. This helps locate

the attack source easily.

When attacks occur, the system automatically removes the data encapsulated at upper

layers of the transmission layer and then caches the packets in memory. When there are a

certain number of packets in the cache, for example, 20000 packets on each LPU, the

earliest cached packets are overridden when more packets are cached.

GTSM

On the current network, attackers forge valid packets to attack routers, which overloads the

routers and consumes limited resources such as the CPU on the MPU. For example, an

attacker forges BGP protocol packets and continuously sends them to a router. After the LPU

of the router receives the packets, it finds that the packets are destined to itself and then sends

the packets directly to the BGP processing module on the MPU without checking the validity

of the packets. As a result, the system is abnormally busy processing these forged valid

packets and the CPU usage is high.

To guard against the preceding attacks, the NE40E provides the Generalized TTL Security

Mechanism (GTSM). The GTSM protects services above the IP layer by checking whether

the TTL value in the IP header is within a specified range. In actual applications, the GTSM is

mainly used to protect the TCP/IP-based control plane such as the routing protocol against

attacks of the CPU-utilization type such as CPU overload.

The NE40E supports BGP GTSM, BGP+ GTSM, OSPF GTSM, and LDP GTSM.

ARP Attack Defense

The NE40E supports the following ARP attack defense functions:


ServiceRouter




51

Interface-based ARP entry restriction

Timestamp suppression based on the destination IP address and source IP address of an

ARP packet

The destination address check for the ARP packet

The system checks whether the destination IP address of the ARP packet received on the

interface is correct. If the destination IP address is correct, the packet is sent to the CPU;

otherwise, the packet is discarded.

ARP bidirectional isolation

Filtration of invalid ARP packets

The NE40E filters out the following types of ARP packets:

− Invalid ARP packets

Invalid ARP packets include ARP request packets with the destination MAC

addresses being unicast addresses, ARP request packets with the source MAC

addresses being non-unicast addresses, and ARP reply packets with the destination

MAC addresses being non-unicast addresses.

− Gratuitous ARP packets

− ARP request packets with valid MAC addresses

You can use commands to filter out one or more previously mentioned invalid packets.

Local Mirroring

In local mirroring, an LPU can be configured with a physical observing port, multiple logical

observing ports, and multiple mirrored ports.

Local mirroring can be inter-LPU mirroring, which means that the observing port and

mirrored port reside on different LPUs. Inbound and outbound traffic mirroring is supported

in inter-board port mirroring

Mirroring between different types of interfaces is supported.

SSHv2

The NE40E supports the STelnet client and server and the SFTP client and server. Both

support SSH 1.5 and SSH 2.0.


ServiceRouter

Product Description 9 Energy Conservation and Emission Reduction



52

9 Energy Conservation and Emission Reduction

Regulation Compliance

The NE40E complies with the following energy conservation and emission reduction

regulations:

Directive 2002/95/EC on the Restriction of the Use of certain Hazardous Substances in

Electrical and Electronic Equipment (RoHS)

Regulation (EC) No 1907/2006 concerning the Registration, Evaluation, Authorization

and Restriction of Chemicals (REACH)

Directive 2002/96/EC on waste electrical and electronic equipment (WEEE)

ATIS-0600015.03.2009 Energy Efficiency for Telecommunications Equipment:

Methodology for Measurement and Reporting for Router and Ethernet Switch Products

Directive 2009/125/EC establishing a framework for the setting of ecodesign

requirements for energy-related products (recast)

Energy Consumption Management

The NE40E provides the following power consumption management functions:

Power supply management

Device- and board-based power consumption query

Configuration and query of the energy conservation mode

Power Consumption Reduction Designs

The NE40E has the following power consumption reduction designs:

Allows fan modules to automatically adjust the fan speed based on environment

temperature.

Allows users to run commands to power off boards, except the active main control

board.

Allows users to run commands to power off unused subboards and interfaces on service

boards.

Supports dynamic energy conservation for unused modules.

Supports dynamic energy conservation based on service loads.


ServiceRouter

Product Description 9 Energy Conservation and Emission Reduction



53

Energy Conservation Suggestions

The energy conservation suggestions for the NE40E are as follows:

Separate hot and cold air ducts in equipment rooms, place the air intake vent of the

NE40E besides the cold air duct, and prevent hot air from entering the air intake vent.

Select the best suited AC power modules to prevent high power loss due to AC power

light load that means the load ratio is less than 30%.

Clean the dust-proof nets regularly and keep the air intake vents unblocked to reduce

power consumption and noise.

Cover unused slots with filler panels and cap unused interfaces with rubber plugs to

ensure efficient heat dissipation.

Power off unused boards and interfaces.

Set the NE40E to energy conservation mode.


ServiceRouter

Product Description 10 Applicable Environment



54

10 Applicable Environment

About This Chapter

10.1 Metro Ethernet Solution

10.2 Dual-Stack User Access and Transition Solutions

10.1 Metro Ethernet Solution

A metro Ethernet consists of the core layer, edge layer, convergence layer, and access layer.

The core layer is responsible for the high-speed forwarding of service data. The edge layer

and the convergence layer serve as the access point of various services. The services access

the network for forwarding through the BRAS, the centralized PE, or the convergence node,

based on the service type. The access layer is responsible for the user access, and the devices

at the access layer include a DSLAM, the converged switch, AG, and NodeB. Figure 10-1

shows the networking of the MAN.

Figure 10-1 MAN deployment

Access Ethernet Aggregation Edge Core Application

DSLAMCMTS

AccSwitch

Distributionnode

Distributionnode

AggregafionNode

BRAS

VoD ES

PE

P/PE

P/PE

P/PE

Internet

SoftX

VoD CS

InternetInternetInternetInternet

The convergence layer device accesses and forwards the services through the IP or MPLS

technologies. Personal services are accessed to the convergence node through the DSLAM,


ServiceRouter




55

and corporate services are converged at Layer 2 through a switch or are directly accessed to

the convergence node.

DSLAM: is short for the Digital Subscriber Line Access Multiplexer that accesses the

personal services through the permanent virtual circuit (PVC). The DLSAM adds the

VLAN or QinQ tag based on the types of users and services, and is generally connected

to the aggregation node.

Switch: refers to the access switch that converges the Layer 2 corporate services to the

aggregation node.

Aggregation node: refers to the aggregation node connected to the distributed service

node (PE). The aggregation node distinguishes the VLAN or QinQ user services,

forwards Layer 3 services or VPN services, or transparently transmits services to the

BRAS or the centralized PE through the IP or MPLS technologies.

Distribution node: refers to the distribution node that converges the services in the metro

Ethernet. The distribution node terminates the IP or MPLS technologies and

transparently transmits the services to the BRAS or the centralized PE.

BRAS: refers to a device that processes PPPoE login services of individual users.

PE: refers to the centralized service node, which can also serve as the distribution node.

PE accesses the services that should be converged and processed, such as centralized

L3VPN services.

P/PE: refers to the core forwarding node or the edge node on the backbone network. P or

PE rapidly forwards the services or accesses the services to the backbone network.

The NE40E is applicable to the aggregation node and the distribution node to guarantee the

access of individual services and corporate services.

Individual Service Solution

The NE40E supports the following individual services:

HSI service: The DSLAM adds QinQ tags to distinguish user services. The outer VLAN

tag indicates the service type. The NE40E at the aggregation node transparently transmits

the services to the NE40E at the distribution node through VLL or VPLS. The

distribution node terminates the transmission and then transparently transmits the QinQ

data to the BRAS.

VoD/VoIP: The NE40E at the aggregation node terminates the VLAN or QinQ tag added

by the DSLAM, and forwards the services to Layer 3 network or accesses the services to

L3VPN for forwarding.

BTV: The NE40E at the aggregation node serves as the designated router (DR) of the

Protocol Independent Multicast (PIM). The aggregation node receives the multicast data

distributed through the PIM protocol, and then sends the data to the DSLAM through

multicast VLAN. The user joins or withdraws a group through IGMP, and sends the hot

channels to DR.

Enterprise Service Solution

The NE40E supports the following enterprise services:

Corporate dedicated line: The corporate dedicated line is connected to the Layer 3

network through the NE40E at the aggregation node.

E-LINE: The PW, an end-to-end L2VPN tunnel, is set up between the NE40E at the

aggregation node and the peer end. The E-LINE services are transmitted to the peer end


ServiceRouter




56

through different tunnels based on the VLAN or QinQ tag identified at the aggregation

node.

E-LAN: The NE40E at the aggregation node creates the VSI, and forwards the service

data to different VSIs for forwarding after the VLAN or QinQ tag is identified. The

service data can also be accessed to the E-LAN services through H-PVLS, during which

the VSI is created by the distribution node.

L3VPN: The services are accessed to the Virtual Route Forwarding (VRF) at the

aggregation node, or accessed to the centralized service node for VRF forwarding

through HoVPN.

IP RAN Solution

Services of the 2G RAN network, mainly a small number of voice services, are transmitted

over TDM links. Usually one to three E1 interfaces on a BTS are connected to a BSC. Some

mobile carriers do not have fixed network infrastructure, and have to lease E1 lines of

fixed-line networks, which costs a lot. Services between the BTSs and BSCs in the same city

can be transparently transmitted over TDM links in a Metro Ethernet (ME) network.

For a 2G RAN network, a Packet Switching Network (PSN) is constructed through NE40Es

between the BTSs and a BSC. The NE40E is connected to the BTSs in the downstream

through n x E1 links, and to the BSC in the upstream through n x E1 links or 155-Mbit/s

links.

Mobile providers worldwide have been constructing the Radio Access Network (RAN)

continuously. The 2G RAN network is based on TDM/SDH, and thus it has a lower utilization

of bandwidth, is hard to expand, and is inflexible to configure. Therefore, IP RAN is a trend.

UMTS R99/R4 defines ATM as the protocol used during the transmission of the services

between the Node B and RNC, with E1 IMA interfaces connecting the two ends. Figure 10-2

shows the networking diagram.


ServiceRouter




57

Figure 10-2 2G/3G RAN solution

Node B

Node B

N *E1(ATM IMA)

N *E

1(ATM

IMA)

CX600

CX600 CX600 RNC

MPLS over SDH/ME

N *E1(ATM IMA)

CX600

BSC

E1 TDM

E1 TDM*N

E1 TDM*N

Transparent transmission

of ATM cells through PWE3

Transparent transmissionof TDM services

Deploying NE40E on a Metro Ethernet-based MPLS network can solve the problem of

bandwidth multiplexing. Node B is connected to the NE40E that supports E1 IMA interfaces.

After the NE40E terminates IMA, the high-speed ATM cell flow is transparently transmitted

through ATM PWE3 to the NE40E at the RNC side. Then, the NE40E at the RNC side divides

the high-speed ATM cell flow into n x E1 links, and sends multiple channels of low-speed

cells to the RNC. For the Node B and RNC, the NE40E and MPLS network are transparent.

That is, multiple E1 interfaces on the Node B and RNC are directly connected through the

TDM link.

1588v2 Clock Solution

As shown in Figure 10-3, the bearer network synchronizes its time through the GPS or

external time sources, and then provides the clock or time externally; the nodes support

multicast MAC encapsulation.

The nodes in the bearer network can trace a BITS clock. All the nodes on the network serve as

boundary clocks (BCs), and all the BCs support the peer delay mechanism to be adapted to

fast switchover of links. The nodes that do not support IEEE 1588 can be configured to

support GPS if these nodes are connected through POS or ATM links. BCs send clock signals

to the Node B that support IEEE 1588 through multicast MAC addresses. The Node B that

does not support IEEE 1588 synchronizes frequency through Ethernet clock synchronization

or through WAN interfaces.


ServiceRouter




58

Figure 10-3 1588v2 clock solution

POSBC BC

BCBC

FE

GEGE

FE E1

1588v2

1588v2 1588v2

1588v2

Node B

with 1588v2

Node B

with 1588v2

Node B

without 1588v2

GPS GPS

Node B

without 1588v2

E1

10.2 Dual-Stack User Access and Transition Solutions

As the number of Internet users keeps increasing, and mobile broadband and the Internet of

Things rapidly develop, IPv4 address shortage has become an increasingly serious problem.

IPv6 provides enough addresses to allow the Internet to continue to expand, solving the

problem of IPv4 address shortage. Currently, a huge amount of IPv4 services has been

transmitted on the Internet, and therefore carriers still need to use IPv4 on the network. A

reasonable approach is to gradually introduce IPv6 without affecting existing IPv4 services

and build a pure IPv6 Internet with the growing popularity of IPv6. In this situation, transition

from IPv4 to IPv6 is required. During the transition, the following solutions are available:

In the first phase, IPv4 and IPv6 users use NAT64, DNS, and AAA technologies to

access IPv4 services over IPv4 networks.

In the second phase, IPv4, IPv6, and dual-stack users access IPv6 services over

dual-stack networks.

In the third phase, IPv4, IPv6, and dual-stack users use CGN transition technologies

(NAT444 and DS-Lite) to access IPv6 services over IPv6 networks.

The HUAWEI NetEngine80E/40E can provide dual-stack access and CGN transition

technology.


ServiceRouter




59

CGN Transition Technology: Centralized Deployment

Figure 10-4 Application scenario of centralized deployment

In centralized deployment mode, a CGN device is deployed on an aggregation node (CR) to

provide the CGN function, which brings no or small changes to existing access nodes

(BRASs). Centralized deployment applies to the networks on which a small amount of

services are transmitted on CRs or a small number of BRASs are connected to CRs.

CGN Transition Technology: Distributed Deployment

Figure 10-5 Application scenario of distributed deployment

In distributed deployment mode, CGN cards are installed on access nodes (BRASs) to provide

the CGN function, which brings no changes to existing aggregation nodes (CRs). Distributed

deployment applies to the networks on which a large amount of services are transmitted on

CRs, a large number of BRASs are connected to CRs, or a large number of devices need to be

deployed or upgraded.


ServiceRouter

Product Description 11 Operation and Maintenance



60

11 Operation and Maintenance

About This Chapter

11.1 System Configuration Modes

11.2 System Management and Maintenance

11.3 Device Running Status Monitoring

11.4 HGMP

11.5 System Service and Status Tracking

11.6 System Test and Diagnosis

11.7 NQA

11.8 In-Service Debugging

11.9 Upgrade Features

11.10 License

11.11 Other Operation and Maintenance Features

11.1 System Configuration Modes

The NE40E supports two configuration modes: command line configuration and NMS

configuration.

You can configure the NE40E by using command lines through the following:

Console port

Auxiliary (AUX) port

Telnet

As a command interface, the console port can send command lines to the control plane.

As a debugging interface, the console port can receive debugging information from the

control plane and data plane, and deliver debugging commands and control commands.

The NMS configuration supports the configuring NE40E through the SNMP-based NMS.


ServiceRouter




61

11.2 System Management and Maintenance

The NE40E provides powerful system management and maintenance functions:

Plug and play

Board detection, hot swap detection, Watchdog, board resetting, RUN indicator, system

debugging, fan and power supply control, master/slave switchover control, and version

inquiry

Local and remote software upgrade/data upload, and functions such as version rollback,

backup, saving, and clearing of version information

Supports inband and outband NMS interfaces.

Hierarchical user authority management, operation log management, command line

online help, and commands comments.

Three user authentication modes: local authentication, RADIUS authentication, and

HWTACACS authentication, which authenticate and authorize users through command

lines and SNMP.

Multi-user operation

Query on Layer 2 or Layer 3 interfaces

Hierarchical management, alarm classification, and alarm filtering

Interface and optical modules support the shutdown and undo shutdown commands

11.3 Device Running Status Monitoring

NE40E provides complete equipment status monitoring function through the information

center.

Syslog is a sub-function of the information center. Syslog is transported over UDP and it

outputs log information to the log host through port 514.

The information center receives and processes the following types of information:

Log information

Debugging information

Trap information

According to information severity or urgency, the information is classified into eight severity

levels. The lower the level, the higher the severity. The following table shows the detailed

information.

Level

Severity

Description

0 Emer

gency

A fatal exception occurs on the device. The system is unable to function

properly and must be restarted. For example, the device is restarted due to

program exceptions or memory usage errors are detected.

1 Alert A serious exception occurs on the device, which requires immediate

actions. For example, the memory usage of the device reaches the upper

threshold.

2 Critic A critical exception occurs on the device, which needs to be handled and


ServiceRouter




62

Level

Severity

Description

al analyzed. For example, the memory usage exceeds the alarm threshold; the

temperature exceeds the alarm threshold; and Bidirectional Forwarding

Detection (BFD) detects that a device is unreachable or detects error

messages generated by the local device.

3 Error Improper operation is performed or abnormal process occurs on the device,

which does not affect subsequent services but requires attention and cause

analysis. For example, users enter incorrect commands or passwords; error

protocol packets are received by other devices.

4 Warn

ing

An abnormality that may cause the device to malfunction occurs on the

device, which requires attention. For example, a routing process is disabled

by the user; BFD detects packet loss; and error protocol packets are

detected.

5 Notic

e

A key operation is performed to keep the device running normally. For

example, the user runs the shutdown command on the interface, a neighbor

is discovered, and the protocol state machine changes status.

6 Infor

matio

nal

A routine operation is performed. For example, the user runs a display

command.

7 Debu

gging

A routine operation is performed, which requires no action.

The information center supports 10 channels, of which channels 0 through 5 each have a

default channel name. By default, the six channels correspond to six directions in which

information is output. The log information on the CF card is output to log files through

Channel 9 by default. This means that a total of seven default output directions are supported.

When multiple log hosts are configured, you can configure log information to be output to

different log hosts through one channel or multiple channels. For example, you can configure

some log information to be output to a log host through Channel 2 (loghost), and some log

information to a log host through Channel 6. In addition, you can change the name of Channel

6 to implement the desired channel management.

The NE40E stores all alarms in a log file, and provides the CF card to store the log file. How

long the alarms can be stored depends on the number of the alarms. Generally, the alarms can

be stored for months.

11.4 HGMP

The NE40E supports the Huawei Group Management Protocol (HGMP). HGMP is a cluster

management protocol developed by Huawei.

HGMP is used to group Layer 2 devices that are connected to the NE40E into a unified

management domain, that is, a cluster. HGMP supports automatic collection of network

topologies and provides integrated maintenance and management channels. In this manner, a

cluster uses only one IP address for external communications, simplifying device management

and saving IP addresses.


ServiceRouter




63

11.5 System Service and Status Tracking

The NE40E provides the following functions for tracking system services and status:

Monitors the change of the state machine of routing protocols.

Monitors the change of the state machine of MPLS LDP.

Monitors the change of the state machine of a VPN.

Monitors the types of protocol packets sent by the forwarding engine to the control plane

and displays detailed information about packets by enabling debugging.

Detects and counts the statistics on malformed packets.

Supports HGMP.

Displays a notification when the processing of abnormality starts.

Collects the statistics on the resources used by each feature.

11.6 System Test and Diagnosis

The NE40E supports the debugging of running services, including online recording of key

events, packet processing, packet parsing, and status switching of services at specified time,

which serves as powerful support for device commissioning and networking. Debugging can

be enabled or disabled through the console interface for specific service (a specific routing

protocol) or specific interface (information about a routing protocol on a specific interface).

The NE40E provides the system-based trace function to detect and diagnose running software,

online recording of important events such as task switchover and interruption, queue reading

and writing, and system abnormality. If the system is restarted after a fault occurs, the NE40E

can read trace information that functions as a reference for fault location. Trace can be

enabled and disabled through commands on the console interface.

In addition, the NE40E supports real-time query about CPU usage of the MPU and LPU.

Debugging and trace information provided by the NE40E is classified into different levels.

Sensitive information with different levels can be output to different destinations as

configured. For example, information can be output to the console interface, Syslog server, or

SNMP agent to trigger traps.

11.7 NQA

The NE40E supports Network Quality Analysis (NQA).NQA measures the performance of

different protocols running on the network. In that case, carriers can collect the operation

index of networks in real time, such as:

Total delay of the HTTP

Delay in TCP connection

Delay in DNS resolution

File transmission speed

Delay in FTP connection

DNS resolution error rate.


ServiceRouter




64

Taking control of these indexes, carriers can provide network services of different levels

and charge differently. NQA is also an effective tool for diagnosing and locating a

network fault.

NQA supports the following functions:

PWE3 traceroute

Multicast ping

Multicast traceroute

Traceroute function through DISMAN-TRACEROUTE-MIB

Ping/UDP/TCP/SNMP functions through DISMAN-PING-MIB

CE-ping (ping the host from a VPLS PW)

VPLS MAC ping and VPLS MAC trace

VPLS MAC purge and VPLS MAC populate

LSP ping, LSP tracerout, and MPLS jitter

Verification of DNS functions through DISMAN-NSLOOKUP-MIB

NMS management over all NQA functions through NQA-MIB

Transmission of consecutive 3000 simulated voice packets in one test

Minimum transmission intervals at 10 ms

NQA for multiple next hops in packet redirection

11.8 In-Service Debugging

The NE40E provides port mirroring to map specific traffic to a certain monitoring interface.

In this case, in-service debugging can be performed for the advanced maintenance engineers

to debug and analyze the operation status of the network.

11.9 Upgrade Features

In-Service Upgrade

The NE40E supports in-service software upgrade. At the same time, the NE40E provides

online patching for the system software. You can upgrade only the features that need to be

improved.

One-Command System Upgrade

The upgrade process of the NE40E is optimized. You can use one command to complete the

upgrading. Thus, you can save time. During the upgrading process, the progress is displayed.

After the upgrading is complete, you can view the results.

Software Version Rollback

During the upgrading process, if the system fails to start by using the new system software,

the system software in the last successful startup is adopted.


ServiceRouter




65

The rollback function provided by the NE40E prevents the services from being affected by

the failure in system upgrade.

11.10 License

With the variation of the NE40E software functions and higher ratio of software cost

occupying the overall cost, the current service mode cannot satisfy the development

requirements of customers and carriers.

Common users need to reduce the purchase cost.

Upgrade and expansion users need to effectively control the capacity and functions.

To satisfy the requirements of different users, the NE40E needs to implement the flexible

authorization to service modules.

For the authorization control of service modules, the NE40E provides the License

authorization management platform . Through the License authorization mode:

Common users can purchase service modules as required and reduce the purchase cost.

Upgrade and expansion users can expand the capacity, and support and maintain the

functions by applying for a new License.

11.11 Other Operation and Maintenance Features

The NE40E supports the following configuration features in addition to the preceding

features:

Provides hierarchical commands to prevent unauthorized users from logging in to a

device.

Users can type in a question mark "?" to obtain online help.

Provides detailed debugging information to diagnose network faults.

Provides DosKey-like functions to run a history command.

Provides command line descriptors for partial match of keywords not conflicting with

keywords of other command lines. For example, you can enter "disp" for the display

command.


ServiceRouter

Product Description 12 NMS



66

12 NMS

SNMP

The NE40E supports device operation and management by the network management station

through SNMP.

The NE40E supports SNMPv1, SNMPv2c, and SNMPv3.

SNMPv1

SNMPv1 supports community name-based and MIB view-based access control.

SNMPv2c

SNMPv2c supports community name-based and MIB view-based access control.

SNMPv3

SNMPv3 inherits the basic functions of SNMPv2c, defines a management frame, and

introduces a User-based Security Model (USM) to provide a more secure access control

mechanism for users.

SNMPv3 supports user groups, user group-based access control, user-based access

control, and authentication and encryption mechanisms.

NMS

The NE40E adopts Huawei iManager U2000 network management system. The U2000

improves its management capability, scalability, and usability to construct a unified and

customer-oriented next-generation NMS.

Unified and Abundant NBIs

Unified NBIs enable the U2000 to manage transport equipment, access equipment, IP

equipment.

Abundant NBIs (XML, CORBA, SNMP, TLI, TEXT, and Customer OSS Test) address

the needs for OSS integration.

Unified Network Management

The U2000 manages transport equipment, access equipment, IP equipment in a unified

manner.

In addition, the U2000 manages end-to-end (E2E) services. The services include MSTP,

WDM, Microwave, PTN, ATN, CX, Router, and Switch services.


ServiceRouter

Product Description 12 NMS



67

The U2000 is also capable of managing third-party equipment by obtaining equipment

information directly through IP and SNMP protocols. Third-party equipment

management includes:

− Topology management: Third-party NEs can be added to the U2000 and then

displayed in the topology view. The system also supports manually creating links and

automatically discovering IP links for these third-party NEs.

− Resource management: Users can view manufacturer information, IP addresses, and

interfaces of third-party NEs.

− Alarm management: Users can manage alarms in compliance with the IETF RFC

standards for third-party NEs.

− Performance management: Users can perform routine and real-time performance

statistics collection for interfaces on third-party NEs.

− Report management: The U2000 provides traffic reports for interfaces on third-party

NEs.

Multiple Operating Systems

The U2000 was developed based on Huawei's integrated management application

platform (iMAP). The U2000 supports Sun workstations, PC servers, Sybase databases,

SQL Server databases, Solaris, Windows, and SUSE Linux operating systems (OSs).

Leading Scalable NMS Architecture

By adopting the mature and widely-used client/server (C/S) architecture, the U2000

supports distributed and hierarchical database systems, service processing systems, and

client application systems. Modularized architecture is scalable so that the U2000 meets

the management requirements of complex and large-scale networks

Visualized Management

− Service supervision

− Visualized trails

− Service deployment

− Object relationship

− Network-wide clock

LLDP

The Link Layer Discovery Protocol (LLDP) is a Layer 2 protocol defined in IEEE 802.1ab.

LLDP specifies that the status information is stored on all interfaces and the device can send

its status to the neighbor stations. The interfaces can also send information about changes in

the status to the neighbor stations as required. The neighbor stations then store the received

information in the standard SNMP MIB. The NMS can search for Layer 2 information in the

MIB. As specified in the IEEE 802.1ab standard, the NMS can also discover unreasonable

Layer 2 configurations based on information provided by LLDP.

When LLDP runs on the devices, the NMS can obtain Layer 2 information about all the

devices to which it connects and detailed network topology information. This is helpful to the

rapid expansion of the network and acquirement of detailed network topologies and changes.

LLDP also helps discover unreasonable configurations on networks and reports the

configurations to the NMS. This removes incorrect configurations in time.


ServiceRouter

Product Description A Acronyms and Abbreviations



68

A Acronyms and Abbreviations

A

AAA Authentication, Authorization and Accounting

AAL5 ATM Adaptation Layer 5

AC Access Controller

ACL Access Control List

AF Assured Forwarding

ANSI American National Standard Institute

AP Access Point

ARP Address Resolution Protocol

ASBR Autonomous System Boundary Router

ASIC Application Specific Integrated Circuit

ATM Asynchronous Transfer Mode

AUX Auxiliary (port)

B

BE Best-Effort

BGP Border Gateway Protocol

BGP4 BGP Version 4

BoD Bandwidth on Demand

C

CAR Committed Access Rate

CBR Constant Bit Rate

CE Customer Edge


ServiceRouter




69

CHAP Challenge Handshake Authentication Protocol

COPS Common Open Policy Service

CoS Class of Service

CPU Center Processing Unit

CR-LDP Constrained Route - Label Distribution Protocol

D

DAA Destination Address Accounting

DC Direct Current

DHCP Dynamic Host Configuration Protocol

DNS Domain Name Server

DS Differentiated Services

E

EACL Enhanced Access Control List

EF Expedited Forwarding

EMC EElectroMagnetic Compatibility

F

FCC Fast Channel Change

FE Fast Ethernet

FEC Forwarding Equivalence Class

FIB Forward Information Base

FIFO First In First Out

FR Frame Relay

FTP File Transfer Protocol

G

GE Gigabit Ethernet

GRE Generic Routing Encapsulation

GTS Generic Traffic Shaping

H


ServiceRouter




70

HA High availablity

HDLC High level Data Link Control

HTTP Hyper Text Transport Protocol

I

iVSE Integrated Value-added Service Engine

ICMP Internet Control Message Protocol

IDC Internet Data Center

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol

IGP Interior Gateway Protocol

IP Internet Protocol

IPoA IP Over ATM

IPTN IP Telephony Network

IPTV Internet Protocol Television

IPv4 IP version 4

IPv6 IP version 6

IPX Internet Packet Exchange

IS-IS Intermedia System-Intermedia System;

ISP Interim inter-switch Signaling Protocol

ITU International Telecommunication Union - Telecommunication

Standardization Sector

L

L2TP Layer 2 Tunneling Protocol

LAN Local Area Network

LCD Liquid Crystal Display

LCP Link Control Protocol

LDP Label Distribution Protocol

LER Label switching Edge Router

LPU Line Processing Unit

LSP Label Switched Path


ServiceRouter




71

LSR Label Switch Router

M

MAC Media Access Control

MBGP Multiprotocol Border Gateway Protocol

MD5 Message Digest 5

MIB Management Information Base

MP Multilink PPP

MPLS Multi-protocol Label Switch;

MSDP Multicast Source Discovery Protocol

MSTP Multiple Spanning Tree Protocol

MTBF Mean Time Between Failures

MTTR Mean Time To Repair

MTU Maximum Transmission Unit

N

NAT Network Address Translation

NLS Network Layer Signaling

NP Network Processor

NTP Network Time Protocol

NVRAM Non-Volatile Random Access Memory

O

OSPF Open Shortest Path First

P

PAP Password Authentication Protocol

PBB Provider Backbone Bridge

PE Provider Edge

PFE Packet Forwarding Engine

PIC Parallel Interference Cancellation

PIM-DM Protocol Independent Multicast-Dense Mode

PIM-SM Protocol Independent Multicast-Sparse Mode

POP Point Of Presence


ServiceRouter




72

POS Packet Over SDH/SONET

PPP Point-to-Point Protocol

PQ Priority Queue

PT Protocol Transfer

PVC Permanent Virtual Channel

Q

QoE Quality of Experience

QoS Quality of Service

R

RADIUS Remote Authentication Dial in User Service

RAM Random-Access Memory

RED Random Early Detection

RFC Requirement for Comments

RH Relative Humidity

RIP Routing Information Protocol

RMON Remote Monitoring

ROM Read Only Memory

RP Rendezvous Point

RSVP Resource Reservation Protocol

RSVP-TE RSVP-Traffic Engineering

S

SAP Service Advertising Protocol

SCSR Self-Contained Standing Routing

SDH Synchronous Digital Hierarchy

SDRAM Synchronous Dynamic Random Access Memory

SFU Switch Fabric Unit

SLA Service Level Agreement

SNAP SubNet Attachment Point

SNMP Simple Network Management Protocol

SONET Synchronous Optical Network


ServiceRouter




73

SP Strict Priority

SPI4 SDH Physical Interface

SSH Secure Shell

STM-16 SDH Transport Module -16

SVC Switching Virtual Connection

T

TCP Transfer Control Protocol

TE Traffic Engineering

TFTP Trivial File Transfer Protocol

TM Traffic Manager

ToS Type of Service

TP Topology and Protection packet

U

UBR Unspecified Bit Rate

UDP User Datagram Protocol

UNI User Network Interface

UTP Unshielded Twisted Pair

V

VBR-NRT Non-Real Time Variable Bit Rate

VBR-RT Real Time Variable Bit Rate

VC Virtual Circuit

VCI Virtual Channel Identifier

VDC Variable Dispersion Compensator

VLAN Virtual Local Area Network

VLL Virtual Leased Line

VPI Virtual Path Identifier

VPLS Virtual Private LAN Service

VPN Virtual Private Network

VRP Versatile Routing Platform

VRRP Virtual Router Redundancy Protocol


ServiceRouter




74

W

WAN Wide Area Network

WFQ Weighted Fair Queuing

WRED Weighted Random Early Detection

WRR Weighted Round Robin

Documents

Huawei NE40E-X1X2 Product Description (2012!11!10)