MEN Part 1- Day1-Ver1_NoRestriction


  • 8/14/2019 MEN Part 1- Day1-Ver1_NoRestriction


    Network Learning Centre

    Proprietary & Confidential

    MEN Part 1

    50464928


    Class Introductions

    Participant Introductions

    Name

    Location (city) / Department

    How long with Reliance

    Work experience in Data?

    Expectations


    Agenda

    Day 1

    Module 1

    VLAN

    Module 2

    QinQ

    Module 3

    Devices Cisco & Huawei


    Agenda

    Day 2

    Exercises

    Basic Commands

    Clear the Configuration

    Telnet Configuration

    Management Vlan

    QinQ (optional)


    Agenda

    Day 3

    Module 4

    STP

    RSTP

    MSTP

    Exercise

    MSTP


    Agenda

    Day 4

    Module 5

    OSPF

    Exercises

    OSPF - 5 labs


    Agenda

    Day 5

    Module 6

    BGP and MPLS Overview

    Module 7

    MEN Architecture & Services

    Feedback & Test


    Confidential Information of Huawei. No Spreading Without Permission

    MAN Network Evolution

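    [Figure: MAN network evolution. Today: separate service, access and core networks (X.25, ADSL, Ethernet, PSTN, IP, ATM, FR, GSM/GPRS, CDMA, Cable, PDH/SDH) carrying wireless voice, wireless data, high-speed Internet, voice, streaming, dial-up, VoIP and message services. Tomorrow: wireless, DSL, FTTP/HFC and 3G RAN access over one IP / MPLS network carrying location & presence, message, online gaming, voice, data, video, storage and directory services.]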

    - Multiple networks merge together

    - IP based

    - Lower TCO

    - Unified network, diversified services

    - Gradual evolution

    TCO: Total Cost of Ownership

    An IP network can carry multiple services, such as VoIP, Internet data and IPTV. Other networks cannot do this.


    Position of Metro Ethernet


    Characteristics of Metro Ethernet

    [Figure: Metro Ethernet, Metro AN, Core (IP/MPLS)]

    - High Availability Switchover:


    Module 1

    VLAN


    Broadcast Storm

    [Figure: broadcast]

    The traditional network is a flat structure in which one LAN belongs to the same collision domain. Broadcast messages sent by any host are received by the other hosts in the same broadcast domain. Replacing the hub with a bridge (layer 2 switch) greatly improves the efficiency of unicast transmission and the performance of the layer 2 network. However, the bridge still makes several copies of each broadcast message and sends them to every corner of the network. As the network grows, there are more and more broadcast messages, which occupy more and more network resources and seriously degrade network performance. This is called a broadcast storm.

    Because of how a bridge works at layer 2, it can do nothing about a broadcast storm. To improve network efficiency, the network is normally divided into segments: one big broadcast domain is divided into several small broadcast domains.


    Divide Broadcast Domain by Router

    [Figure: broadcast]

    In the past, LANs were segmented with routers. In the figure above, replacing the central switch of the former figure with a router greatly reduces the range over which broadcast messages are transmitted. This solves the broadcast storm problem, but segmentation by routers separates the network physically. As a result, network planning becomes too complex, the networking mode is inflexible, and management and maintenance become much more difficult. As an alternative LAN segmentation method, the virtual local area network (VLAN) was introduced to solve the problems that occur in large-scale layer 2 environments.


    VLAN

    VLAN range: 1-4094

    1: default

    2-1005: normal

    1006-4094: extended


    Advantages of VLAN

    Compared to traditional LAN technology, the VLAN has the following advantages:

    - Improve the bandwidth utilization rate

    - Enhance the communication security

    - Strengthen the network robustness

    The VLAN has solved many problems that occur in large-scale layer 2 switching networks:

    - Improve the bandwidth utilization rate: the VLAN effectively solves the performance degradation caused by broadcast storms.

    - Enhance the communication security: the messages of one VLAN are not received by the hosts in other VLANs.

    - Strengthen the network robustness: as the network scale increases, a failure in part of the network can affect the whole network. After introducing VLANs, some network failures can be limited to within one VLAN.

    Because the VLAN segments the network logically, the flexible networking and simple configuration management reduce the management and maintenance cost.


    Port Based VLAN

    [Figure: LAN switch with Host A, Host B, Host C and Host D connected to Port 1, Port 2, Port 3 and Port 4]

    VLAN Table

    Port      VLAN
    Port 1    VLAN 5
    Port 2    VLAN 10
    Port 3    VLAN 5
    Port 4    VLAN 10

    This method segments VLANs according to the ports of the Ethernet switch. For example, switch ports 1~4 belong to VLAN A, switch ports 5~17 belong to VLAN B, and switch ports 18~24 belong to VLAN C. The ports belonging to the same VLAN need not be consecutively numbered. The administrator decides how to make the configuration.

    In the figure, port 1 and port 3 are assigned to VLAN 5, and port 2 and port 4 are assigned to VLAN 10. Host A and host C connect to port 1 and port 3 respectively, so they belong to VLAN 5. In the same way, host B and host D belong to VLAN 10.

    If there are several switches, you can designate that ports 1~6 of switch 1 and ports 1~4 of switch 2 belong to the same VLAN. That is to say, the same VLAN can span several Ethernet switches. Port-based segmentation is the most commonly used method of defining VLANs. Its advantage is that VLAN members are defined simply by defining the ports. Its disadvantage is that the port must be defined again if a VLAN subscriber moves from the original port to a port of a new switch.


    Format of 802.1Q Frame

    Standard Ethernet frame:

    DA | SA | Type | Data | CRC

    Ethernet frame with IEEE 802.1Q tag:

    DA | SA | tag | Type | Data | CRC

    tag = TPID | TCI, where TCI = Priority | CFI | VLAN ID

    The four-byte 802.1Q tag header contains a two-byte tag protocol identifier (TPID) and two bytes of tag control information (TCI).

    TPID (Tag Protocol Identifier) is a new type defined by the IEEE, indicating that the frame carries an 802.1Q tag. The TPID contains the fixed value 0x8100.

    The TCI contains the frame control information, including the following elements:

    Priority: three bits indicate the frame priority, with a total of 8 priority levels ranging from 0 to 7. The IEEE 802.1p standard uses this three-bit field.

    Canonical Format Indicator (CFI): a CFI value of 0 indicates the standard format, and 1 indicates the non-standard format. It is used in the token ring / source routing FDDI medium access methods to indicate the bit order of the address in the encapsulated frame.

    VLAN Identifier (VLAN ID): this 12-bit field indicates the VLAN ID, of which there are 4096 in total. Each data packet sent by a host that supports the 802.1Q protocol contains this field to indicate which VLAN it belongs to.

    In a switched network, Ethernet frames have two formats: frames without this four-byte tag are called untagged frames; frames with this four-byte tag are called tagged frames.


    Link Type

    Access Link

    Trunk Link or Hybrid Link

    The access link is the link that connects a host to a switch. Normally, the host does not need to know which VLAN it belongs to, and the host hardware does not need to support frames with VLAN tags. The frames sent and received by the host are all untagged.

    The port to which an access link connects belongs to one and only one VLAN. This port cannot directly receive information from other VLANs or send information to other VLANs. Information from different VLANs must pass through layer 3 routing before it is forwarded to this port.

    The trunk link can carry the data of multiple VLANs. The trunk link normally refers to the interconnection between switches, or between switches and routers.

    When a data frame is transmitted over the trunk link, the switch must have a way to identify which VLAN the frame belongs to. IEEE 802.1Q defines the VLAN frame format. All frames transmitted over trunk links are tagged frames. Through these tags, the switch can determine which VLAN each frame belongs to.

    Unlike the access link, the trunk link carries VLAN data between different devices (such as between switches and routers, or between switches). Therefore, the trunk link does not belong to any specific VLAN. The trunk link can be configured to carry all VLAN data, or to carry only the data of designated VLANs.

    Although the trunk link does not belong to any specific VLAN, a PVID (port VLAN ID) should be configured on the trunk link. In case untagged frames appear on the trunk link for any reason, the switch will add


    VLAN Trunking

    - Allows traffic for multiple VLANs to be sent across a single link.

    - The two devices must support the same trunking protocol.

    - 802.1q: the device adds a header, called a tag, to the original Ethernet frame; the tag has a field for the VLAN ID.

    - Allowed VLANs: each trunk allows all VLANs by default. However, VLANs can be added to or removed from the list.


    Frame Changes in Network Communication

    [Figure: two switches with hosts in VLAN 2 and VLAN 3; Ethernet frames with tag, Ethernet frame without tag]

    The figure shows a LAN environment with two switches and two configured VLANs. The link between a host and a switch is an access link. The switches connect to each other through a trunk link.

    The host does not need to know whether the VLAN exists. All messages sent by the host are untagged; when the switch receives them, it determines which VLAN each message belongs to according to its configuration (such as port information) before processing it. If a message has to be sent through another switch, it is transmitted over the trunk link to that switch. To guarantee that other switches process the VLAN information of the messages correctly, all messages sent over the trunk link carry VLAN tags.

    When the switch finally determines the ports to which a message is to be sent, it deletes the VLAN tag from the Ethernet frame before sending the message to those ports. In this way, the messages received by the host are Ethernet frames without VLAN tags.

    Therefore, in the normal case, the frames transmitted over the trunk link are all tagged frames, and the frames transmitted over the access link are all untagged frames. The result is that the VLANs configured in the network are processed correctly by all the switches, and the host does not need to understand the VLAN information.


    Trunk and VLAN

    [Figure: a broadcast crossing trunk links between switches whose ports belong to VLAN 2, VLAN 3, VLAN 4 and VLAN 5]

    No matter how many switches a network includes, and no matter how many switches one VLAN spans, each VLAN defines one broadcast domain according to the VLAN definition. Broadcast messages are received by all the hosts in the same broadcast domain. That is to say, broadcast messages must be sent to all the ports of one VLAN. The VLAN may span multiple switches. When a switch receives a broadcast message from a port of a certain VLAN, it forwards the message according to the following rules to guarantee that all the hosts in the same VLAN receive it:

    1. Send it to the other ports of the same VLAN on this switch;

    2. Send it to all the trunk links of this VLAN on the switch, so that the ports of the same VLAN on other switches can also send this message.

    Setting a port as a trunk port means that the link connected to this port is a trunk link. It must also be configured which VLANs' messages can pass over the trunk link. Before configuring which VLANs are allowed to pass, we should consider the network configuration. We should not allow the trunk link to pass all the VLANs: all broadcast messages must be sent to all the ports of each VLAN, and those broadcast messages are transmitted to other switches over the trunk link. If there is no member port of that VLAN on the other side of the trunk link, bandwidth and processing time are wasted.
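The two flooding rules and the effect of the trunk's allowed-VLAN list can be traced in a small model. This is an added example, not part of the original course material; the three-switch chain, the host port names h1/h2 and the class names are assumptions, and the topology is loop-free (no STP is modelled).

```python
from dataclasses import dataclass

ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the trunk default


@dataclass
class Port:
    mode: str                        # "access" or "trunk"
    pvid: int = 1                    # VLAN assigned to untagged frames
    allowed: frozenset = ALL_VLANS   # only meaningful on trunk ports
    peer: tuple = None               # (switch, port) at the far end of a trunk


class Network:
    def __init__(self):
        self.switches = {}

    def add_port(self, switch, name, port):
        self.switches.setdefault(switch, {})[name] = port

    def link(self, sw_a, port_a, sw_b, port_b):
        self.switches[sw_a][port_a].peer = (sw_b, port_b)
        self.switches[sw_b][port_b].peer = (sw_a, port_a)

    def broadcast(self, switch, in_port, tag=None):
        """Return (access ports reached, trunk transmissions) for one broadcast."""
        delivered, hops = [], []
        self._flood(switch, in_port, tag, delivered, hops)
        return delivered, hops

    def _flood(self, switch, in_name, tag, delivered, hops):
        port = self.switches[switch][in_name]
        if port.mode == "access":
            if tag is not None:
                return               # access links carry untagged frames only
            vlan = port.pvid
        else:
            vlan = port.pvid if tag is None else tag
            if vlan not in port.allowed:
                return               # trunk does not carry this VLAN
        for name, out in self.switches[switch].items():
            if name == in_name:
                continue
            if out.mode == "access":
                if out.pvid == vlan:             # rule 1: same VLAN, tag removed
                    delivered.append((switch, name))
            elif vlan in out.allowed and out.peer:
                hops.append((switch, name, vlan))  # rule 2: tagged over the trunk
                self._flood(out.peer[0], out.peer[1], vlan, delivered, hops)


def build_network(prune: bool) -> Network:
    """Chain A - B - C: A has hosts in VLAN 1 and 2, C only in VLAN 1."""
    only_v1 = frozenset({1})
    net = Network()
    net.add_port("A", "E0/1", Port("trunk"))
    net.add_port("A", "h1", Port("access", pvid=1))
    net.add_port("A", "h2", Port("access", pvid=2))
    net.add_port("B", "E0/1", Port("trunk"))
    net.add_port("B", "E0/2", Port("trunk", allowed=only_v1 if prune else ALL_VLANS))
    net.add_port("C", "E0/1", Port("trunk", allowed=only_v1 if prune else ALL_VLANS))
    net.add_port("C", "h1", Port("access", pvid=1))
    net.link("A", "E0/1", "B", "E0/1")
    net.link("B", "E0/2", "C", "E0/1")
    return net


if __name__ == "__main__":
    for prune in (False, True):
        print("pruned" if prune else "default", build_network(prune).broadcast("A", "h2"))
```

With the default allowed list, the VLAN 2 broadcast crosses both trunks although switch C has no VLAN 2 port; with the restricted list it stops at switch B.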

    For most subscribers, manual configuration is troublesome. A large-scale network may contain multiple VLANs. As the network configuration can change at any time, it is quite complex to configure the trunk ports according to the topology of the network. The GVRP protocol can solve this


    Cisco Commands

    #switchport mode access

    #switchport mode trunk

    #switchport trunk allowed vlan add 900
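Because each trunk allows all VLANs by default, a trunk configured with only `switchport trunk allowed vlan add 900` still carries every VLAN. The following check computes the effective allowed list per trunk interface and flags trunks left at the default; it is an added example, not part of the original course material, and the interface names and the sample configuration are constructed.

```python
import re

ALL_VLANS = set(range(1, 4095))  # 1-4094


def parse_vlan_list(spec: str) -> set:
    """Expand a list such as '100,200-202' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def trunk_allowed_vlans(config: str) -> dict:
    """Map each trunk interface to the set of VLANs it will carry."""
    state, iface = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            iface = m.group(1)
            state[iface] = {"trunk": False, "allowed": set(ALL_VLANS)}
            continue
        if iface is None:
            continue
        if line == "switchport mode trunk":
            state[iface]["trunk"] = True
            continue
        m = re.match(r"switchport trunk allowed vlan\s+(?:(add|remove)\s+)?(\S+)$", line)
        if not m:
            continue
        op, spec = m.groups()
        current = state[iface]["allowed"]
        if op == "add":
            current |= parse_vlan_list(spec)     # adds to whatever is already allowed
        elif op == "remove":
            current -= parse_vlan_list(spec)
        elif spec == "all":
            state[iface]["allowed"] = set(ALL_VLANS)
        elif spec == "none":
            state[iface]["allowed"] = set()
        else:
            state[iface]["allowed"] = parse_vlan_list(spec)  # replaces the list
    return {name: s["allowed"] for name, s in state.items() if s["trunk"]}


def audit_trunks(config: str) -> list:
    """Return the trunk interfaces that still carry every VLAN."""
    return [name for name, vlans in trunk_allowed_vlans(config).items()
            if vlans == ALL_VLANS]


# Constructed sample configuration for the example.
SAMPLE_CONFIG = """
interface GigabitEthernet0/1
 switchport mode access
interface GigabitEthernet0/2
 switchport mode trunk
interface GigabitEthernet0/3
 switchport mode trunk
 switchport trunk allowed vlan add 900
interface GigabitEthernet0/4
 switchport mode trunk
 switchport trunk allowed vlan 100,200-202
 switchport trunk allowed vlan add 900
"""

if __name__ == "__main__":
    print("trunks carrying all VLANs:", audit_trunks(SAMPLE_CONFIG))
```
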


    GARP/GVRP

    (Not used in RCOM)


    Generic Attribute Registration Protocol (GARP)

    [Figure: GARP model and GARP work process. Attribute claim and registration by GARP messages. A: to claim its attributes to the peer. a: to register attributes that the peer claimed. An attribute is broadcast to the whole network through the GARP "claim-register-claim" process.]

    To understand GVRP, we have to mention GARP. GARP stands for Generic Attribute Registration Protocol. It provides the means of distributing, transmitting and registering information, such as VLANs and multicast addresses, for the switching members in the same switching network. Through the GARP mechanism, the configuration information of one GARP member is transmitted instantly to the whole switching network.

    Through claim and reclaim, a GARP member informs other GARP members to register or log out its attribute information. In the same way, according to the claim or reclaim registration from other GARP members, it can log out the attribute information of the opposite side.

    GARP itself is only a protocol specification, not an entity existing in the switch. An application entity that follows the GARP protocol is called a GARP application. At present, the main GARP applications are GVRP and GMRP.

    GVRP is the VLAN registration protocol; its full name is GARP VLAN Registration Protocol. GVRP, which adopts the GARP-based working mechanism, maintains the dynamic VLAN registration information of the switch. All switches supporting GVRP can receive VLAN registration information from other switches and dynamically update their local VLAN registration information. The VLAN registration information transmitted by GVRP includes the static registration information configured manually on the local switch and the dynamic registration information from other switches.

    According to the VLAN registration information, the switch can learn which VLANs exist on the opposite side of the trunk link. So it


    GARP VLAN Registration Protocol (GVRP) Pruning

    [Figure: switches A, B and C connected by trunk links, with trunk ports labelled E0/1, E0/1, E0/2 and E0/1. Upper part: VLAN 1 and VLAN 2 on A, VLAN 1 on C; the frame tagged with VLAN 2 cannot pass through. Lower part: VLAN 2 is added on C.]

    The figure above shows how GVRP works. Unlike the default trunk link, this trunk link decides whether to carry the messages of a certain VLAN according to the VLAN status on the opposite side. This guarantees that a broadcast message transmitted over the trunk link corresponds to a port on the opposite switch that requires this message.

    In the initial state of the figure, switches A and B connect to each other through a trunk link, and so do switches B and C. Switch A is configured with two VLANs, VLAN 1 and VLAN 2, while switch C has only VLAN 1. All the switches enable the GVRP protocol. Because of GVRP, all the switches have the VLAN 2 attribute, but if we show the status of Ethernet 0/2 on switch B, we find that this port does not allow VLAN 2 frames to pass, because the VLAN 2 attribute is not registered on the port.

    In the lower part of the figure, VLAN 2 is newly configured on a port of switch C. The GVRP protocol running on the three switches automatically updates the VLAN registration status and configures the trunk link to allow messages from VLAN 2 to be transmitted over it.

    In the future, if a switch deletes a VLAN, GVRP will also update the VLAN registration information and configure the trunk link to forbid the unnecessary VLAN's messages from being transmitted over the trunk link.


    Inter-VLAN Routing

    L3 Forwarding


    Isolating the layer 2 broadcast domain

    - The VLAN isolates the layer 2 broadcast domain, and thus strictly isolates any flow between any two VLANs.

    [Figure: VLAN 100 and VLAN 200]

    To solve problems such as the low efficiency and poor security caused by broadcasts, the VLAN concept was introduced: in a network that supports the VLAN function and is built from switches, each VLAN is designed as one independent broadcast domain.

    Each VLAN is strictly separated. No frame can be forwarded from the VLAN it belongs to into other VLANs. The whole network is divided into several small broadcast domains. Network broadcasts are confined to a comparatively small scope, which increases the network bandwidth utilization rate and improves network efficiency and performance.

    No one can directly access one point of the network from another point of the network, or monitor the frames of the whole network without limitation. The separated broadcast domains improve network security.

    The VLAN can be used to group subscribers. Configuring VLANs allows flexible network management. When the network is moved, the network design can be modified easily, without tedious and time-consuming rewiring, because of the flexible configuration of the switch.


    Inter-VLAN communication

    - Flows between different VLANs cannot directly cross VLAN boundaries; we can use routers so that messages can be transferred from one VLAN to another VLAN.

    [Figure: VLAN 100, VLAN 200 and VLAN 300]

    "Where there is no connection, there is no network". When one network is divided into multiple broadcast domains by VLANs, the VLANs cannot access each other, because the flow of each VLAN is in nature physically separated.

    Separating the network is not the final target of building the network. VLAN separation is chosen only to optimize the network; our target is ultimately to interconnect the whole network.

    The solution to inter-VLAN communication is to configure layer 3 devices with routing functions. Traffic inside a VLAN stays in the original layer 2 network within the VLAN. Traffic from one VLAN to another VLAN is forwarded through routing at layer 3. After it is forwarded to the destination network, the message is finally sent to the destination host through the layer 2 switching network.

    As the layer 3 function does not forward Ethernet broadcast messages, configuring routing between VLANs does not defeat the purpose of dividing the network into VLANs to separate broadcasts.

    We can interconnect the VLANs at layer 3 through various configurations, such as routing protocol configuration and access control configuration, to form a control strategy for mutual access between VLANs and keep the network under control.


    Route selection in inter-VLAN communication

    - A default gateway is configured at the host; for non-local communication, the host automatically looks up the default gateway and sends the messages to the default gateway for forwarding instead of sending them directly to the destination host.

    [Figure: host 1.1.1.10/24 in VLAN 100 pings 2.2.2.20; host 2.2.2.20/24 is in VLAN 200. Non-local communication, using the default gateway. Router: network 1.1.1.0/24 at interface 1, network 2.2.2.0/24 at interface 2.]

    When we divide the network into VLANs and interconnect the VLANs through routers, how do the hosts of the network communicate with each other?

    First, let's give the following definitions:

    Hosts located in the same VLAN are called local hosts. Communication between local hosts is called local communication.

    Hosts located in different VLANs are called non-local hosts. Communication between non-local hosts is called non-local communication.

    For local communication, the hosts on both sides are located in the same broadcast domain, and the flow of the two hosts can reach each other directly. As the communication process is the same as in a flat layer 2 network, the details are not described here.

    For non-local communication, the hosts on both sides are located in different broadcast domains, and the flow of the two hosts cannot reach each other directly. A host cannot request the address of the opposite side through an ARP broadcast request. The communication can only be completed with the help of an intermediate router.

    The routers between VLANs act as the gateway for each VLAN. Therefore, hosts that communicate with each other through the routers must know that the routers exist and what their addresses are.

    After configuring the router, configure the host's default gateway as the address of the router's interface in this VLAN.

    As shown in the figure above, host 1.1.1.10 wants to communicate with 2.2.2.20.

    At first, host 1.1.1.10 compares the local subnet masks and finds that it cannot directly access the destination host, as the destination host is not the


    One physical connection for every VLAN

    - VLANs are configured on layer 2 switches, and every VLAN uses its own physical connection to one interface of the router.

    [Figure: VLAN 100, VLAN 200 and VLAN 300]

    As described before, inter-VLAN communication goes through routers. So, in building the network, there is the problem of choosing how to interconnect.

    According to the traditional network building principle, each VLAN that requires interconnection has an independent physical link to the router. Each VLAN occupies one switch port and one router port.

    In such a configuration, the routing interfaces and physical ports of the router are in a one-to-one relation. When the router performs inter-VLAN routing, it forwards the message from one routing interface to another routing interface. At the same time, the message is forwarded from one physical interface to another physical interface.


    Use VLAN Trunking

    - Multiple VLANs in the network can share only one physical link.

    - On the switch, configure the ports connecting to routers to use VLAN Trunking.

    - Make the same configuration on the router.

    [Figure: VLAN 100, VLAN 200 and VLAN 300]

    Using the VLAN Trunking technology can help optimize the above network.

    The concept of VLAN Trunking was introduced in the chapter on VLANs. This technology enables the service flows of multiple VLANs to share the same physical link. The flow of each VLAN is distinguished by transmitting tagged frames on the physical link of the VLAN trunk.

    For inter-VLAN interconnection, multiple VLANs in the network can share only one physical link. On the switch, configure the ports connecting to routers to use VLAN Trunking, and make the same configuration on the router.

    In such a configuration, the routing interfaces and the physical interface of the router are in a many-to-one relation. When the router performs inter-VLAN routing, it forwards the message from one routing interface to another routing interface, but the message is forwarded from one physical interface back to the same physical interface. The VLAN tag is replaced with the tag of the destination network after the forwarding.

    In the normal case, the flow of inter-VLAN routing is not enough to reach the line speed of the link. Using the VLAN Trunking configuration can improve the bandwidth utilization rate of the link, save port resources and simplify management (e.g., when adding one VLAN to the network, you only need to maintain the equipment configuration, without changing the network wiring).

    Even with VLAN Trunking, there are still some performance deficiencies in using a traditional router for inter-VLAN routing.

    The routers make use of a general-purpose CPU. The routers forward entirely in software and support various


    Integration of switching and routing

    - Functional integration of layer 2 switches and routers forms the layer 3 switch; the layer 3 switch functionally realizes VLAN classification, layer 2 switching inside a VLAN and inter-VLAN routing.

    [Figure: VLAN 100, VLAN 200 and VLAN 300, before and after integration]

    The emergence of the layer 3 switch brings huge economic benefits to the network.

    The layer 3 switch uses hardware technology to integrate the network functions of the layer 2 switch and the router into one box through some clever processing. This improves network integration and enhances forwarding performance.

    To interconnect heterogeneous networks, the IP protocol offers abundant functions. Standard IP routing has to do a lot of processing and pass through many steps when forwarding each IP message, which places a heavy load on the software, as described before.

    But such work is not necessary for every message. Most messages only need to pass through a small part of the processing. There is a lot of room to improve the IP routing method.

    The design of the layer 3 switch, based on careful analysis of IP routing, picks out the necessary steps that each message must pass through in IP routing. This is a simplified process:

    Most messages in IP routing do not include IP options, so IP option processing is not necessary in most cases.

    The message length differs between networks. To adapt to different networks, IP implements the message partition function. However, in the Ethernet environment, the network frame (message) length is fixed, so the message partition function can be omitted.

    The layer 3 switch uses exact address matching so that the hardware can look up addresses quickly, unlike the router, which has to match the longest address mask.


    Function model of layer 3 switch

    [Figure: hosts 10.110.0.113/24 (gateway 10.110.0.254), 10.110.1.69/24 and 10.110.1.88/24 (gateway 10.110.1.254), and 10.110.2.200/24 (gateway 10.110.2.254); routing interfaces ETH0: 10.110.0.254/24, ETH1: 10.110.1.254/24, ETH2: 10.110.2.254/24]

    The function of the layer 3 switch corresponds to the part inside the dotted-line frame of the figure.

    As the layer 3 switch integrates the functions of routers and of the layer 2 switch supporting VLANs, it is also called the layer 2 and layer 3 switch.

    The functions of the layer 2 switch and the router are realized in the layer 2 VLAN forwarding engine and the layer 3 forwarding engine.

    The layer 2 VLAN engine, the same as the layer 2 forwarding engine of a layer 2 switch supporting VLANs, uses hardware to support layer 2 forwarding for multiple VLANs.

    The layer 3 forwarding engine uses hardware ASIC technology to realize high-speed IP forwarding.

    Corresponding to the IP network model, each VLAN corresponds to one IP network segment. The layer 3 forwarding engine of the layer 3 switch forwards messages between the network segments (VLANs) to realize inter-networking between VLANs. Therefore, the routing function of the layer 3 switch is called inter-VLAN routing.


    Message-to-message layer 3 switching technology

    [Figure: each message passing up and down through layers 1, 2 and 3]

    Traditional layer 3 technology processes each message and transfers messages based on the destination IP address. This method is called message-to-message switching.

    The difference between the message-to-message switching mode and the flow switching mode is as follows. If each message has to pass through layer 3 processing and the service flow is forwarded based on the layer 3 address, the switching mode is called message-to-message switching; if only the first message passes through layer 3 processing and the subsequent messages pass only through layer 2 forwarding, the switching mode is called flow switching.

    In the message-to-message activity shown in the figure above, the message first enters the physical interface at layer 1 of the OSI reference model; next, it reaches layer 2, where the destination MAC address is checked. If the list check result does not allow switching, the message enters layer 3. At layer 3, the message passes through routing calculation and address analysis. After layer 3 processing, the message header is modified and the message is passed back to layer 2. After layer 2 confirms the appropriate output port, the message is transmitted to the physical medium through layer 1. All the subsequent messages should go through the same process.
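    The two lookup modes contrasted earlier (longest-mask matching in the router, exact address matching in the layer 3 switch) and the first-message versus subsequent-message split of flow switching can be modelled together. The following Python sketch is an added example, not part of the original course material; the class and method names are hypothetical, the three /24 segments are those of the function-model figure, and the default route and cache size are constructed for the illustration.

```python
import ipaddress
from collections import OrderedDict


class L3SwitchModel:
    """Toy forwarding model: software LPM slow path plus exact-match fast path."""

    def __init__(self, routes, cache_size=4):
        # routes: iterable of (prefix, outgoing interface)
        self.routes = [(ipaddress.ip_network(p), ifc) for p, ifc in routes]
        self.cache = OrderedDict()    # exact match: host address -> interface
        self.cache_size = cache_size  # hardware tables are finite
        self.slow_path_lookups = 0

    def longest_prefix_match(self, dst):
        """Router-style lookup: test every route, keep the longest matching mask."""
        best = None
        for net, ifc in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, ifc)
        return best[1] if best else None

    def forward(self, dst_ip):
        """Return (interface, path) where path is 'fast' or 'slow'."""
        dst = ipaddress.ip_address(dst_ip)
        if dst in self.cache:                       # a single exact-match probe
            return self.cache[dst], "fast"
        self.slow_path_lookups += 1                 # first message of a flow
        ifc = self.longest_prefix_match(dst)
        if ifc is not None:
            if len(self.cache) >= self.cache_size:  # table full: evict the oldest
                self.cache.popitem(last=False)
            self.cache[dst] = ifc
        return ifc, "slow"


ROUTES = [
    ("10.110.0.0/24", "ETH0"),
    ("10.110.1.0/24", "ETH1"),
    ("10.110.2.0/24", "ETH2"),
    ("0.0.0.0/0", "UPLINK"),  # constructed default route, not in the figure
]


def demo():
    sw = L3SwitchModel(ROUTES)
    results = [sw.forward("10.110.1.69") for _ in range(3)]
    results.append(sw.forward("10.110.2.200"))
    results.append(sw.forward("192.0.2.1"))  # constructed outside destination
    return results, sw.slow_path_lookups


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

    Because the exact-match table is finite, traffic spread over more destinations than it holds keeps returning to the slow path, so the slow-path counter is a useful load signal to monitor.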


    Isolate-user-VLAN

    Isolate-user-VLAN (Huawei) is same as Private VLAN (Cisco)

    This is not supported by CX200 (old technology not supported in new devices)


    Super-VLAN

    No physical ports in the Super-VLAN

    The Super-VLAN is the gateway for the sub-VLANs

    The Super-VLAN has an IP address (vlanif)

    VLAN aggregation solves the problem of excessive IP address occupation caused by VLANs.

    As shown in the figure, in VLAN aggregation, multiple VLANs are aggregated into a super-VLAN. Member VLANs of a super-VLAN are called sub-VLANs. All sub-VLANs share the same IP network segment.

    If a large number of VLANs exist in an Ethernet network, VLAN aggregation can simplify the configurations.


    Module 2

    Q-in-Q


    Basis of the QinQ Technology

    Tunnel port; external tag attached or peeled off

    Trunk port: single tag at the customer side; two tags at the operator side

    QinQ typical application

    [Figure: Customer A sites (VLAN100, VLAN200) connected through switches across the ISP network; a message with a user VLAN tag (header, user VLAN, data) carries an additional external label while it crosses the ISP network]

    The user's message is given an external tag before it traverses the operator's network; simple layer-2 VPN functions are enabled.

    Typical applications of QinQ. Tunnel port: the QinQ-supported port is configured. The Tunnel port belongs to a VLAN allocated by the operator to the customer. The Tunnel port is only configured on the operator's equipment. In the above figure, customer A is allocated VLAN10; all Tunnel ports connected with customer A belong to VLAN10 in the operator's network. When the data of customer A (already with a customer VLAN tag) reaches the Tunnel port, an external tag is added, with VLAN ID 10. In the operator's network, the data is transmitted according to the normal layer-2 transfer process in VLAN10. When the data of customer A leaves the Tunnel port, the external tag is peeled off and only the internal customer VLAN tag is left. Upon arriving at the customer side switch, the data is transmitted in the customer's network as a normal tagged message.

    MAC learning: when the customer data reaches the Tunnel port, MAC learning takes place in the VLAN allocated to the customer (customer A's data is learned in VLAN10); when the data reaches the customer side, MAC learning takes place in the VLAN given by the internal customer VLAN tag. The QinQ function is not visible to the customer side switch. The operator's network is transparent for the customer. The Tunnel port is sometimes called the vlan-vpn port.
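    The tunnel-port behaviour described above (outer tag pushed on entry whether or not the frame is already tagged, popped on exit, MAC learning keyed on the operator VLAN) is shown below as an added Python example; it is not part of the original course material. The class names, MAC addresses and payloads are constructed, and the outer tag is assumed to use the same 0x8100 TPID as the inner tag, following the page's description of "two layers of 802.1Q tags".

```python
import struct

TPID = 0x8100  # assumption: both tags use the 802.1Q TPID


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Ethernet frame without FCS, optionally carrying one 802.1Q tag."""
    tag = struct.pack("!HH", TPID, (pcp << 13) | vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload


def parse_tags(frame):
    """Return ([(vlan_id, priority), ...] outermost first, ethertype, payload)."""
    tags, off = [], 12
    while struct.unpack_from("!H", frame, off)[0] == TPID:
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append((tci & 0x0FFF, tci >> 13))
        off += 4
    return tags, struct.unpack_from("!H", frame, off)[0], frame[off + 2:]


class TunnelPort:
    """Operator-side tunnel (vlan-vpn) port bound to one operator VLAN."""

    def __init__(self, operator_vlan):
        if not 1 <= operator_vlan <= 4094:
            raise ValueError("VLAN ID must be 1..4094")
        self.operator_vlan = operator_vlan

    def ingress(self, frame):
        """Customer -> operator: push the outer tag, tagged or not."""
        outer = struct.pack("!HH", TPID, self.operator_vlan)
        return frame[:12] + outer + frame[12:]

    def egress(self, frame):
        """Operator -> customer: pop the outer tag; None if it is not ours."""
        tags, _, _ = parse_tags(frame)
        if not tags or tags[0][0] != self.operator_vlan:
            return None
        return frame[:12] + frame[16:]


class OperatorBridge:
    """Learns source MACs per outer VLAN; the inner tag is opaque payload."""

    def __init__(self):
        self.fdb = {}  # (outer VLAN, source MAC) -> port name

    def learn(self, frame, port_name):
        tags, _, _ = parse_tags(frame)
        self.fdb[(tags[0][0], frame[6:12])] = port_name


# Constructed sample data
MAC_A = bytes.fromhex("020000000a01")
MAC_B = bytes.fromhex("020000000b01")
BCAST = b"\xff" * 6


def demo():
    port_a, port_b, bridge = TunnelPort(10), TunnelPort(20), OperatorBridge()
    tagged = build_frame(BCAST, MAC_A, 0x0800, b"customer A data", vlan=100, pcp=5)
    untagged = build_frame(BCAST, MAC_B, 0x0800, b"customer B data")
    in_a, in_b = port_a.ingress(tagged), port_b.ingress(untagged)
    bridge.learn(in_a, "port-A")
    bridge.learn(in_b, "port-B")
    return {
        "a_tags": parse_tags(in_a)[0],               # outer 10, inner 100
        "b_tags": parse_tags(in_b)[0],               # outer 20 only
        "a_restored": port_a.egress(in_a) == tagged,
        "cross_customer": port_b.egress(in_a),       # None: wrong operator VLAN
        "fdb": bridge.fdb,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```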


    Basis of the QinQ Technology

    It can be simply taken as a packet with two layers of 802.1Q tags.

    The QinQ technology reduces costs for the operator.

    The customer can plan a private VLAN ID.

    QinQ does not require signaling protocols.

    QinQ has expanded VLAN resources.

    Advantages of QinQ

    QinQ can be simply understood as a message with two layers of 802.1Q tags.

    The QinQ technology enables the operator to provide layer-2 VPN to customers at low cost. QinQ services are implemented in the operator's network; users are insensitive to QinQ.

    In each message in the operator's network, the internal tag is the customer's private VLAN ID, while the external tag is allocated by the operator. The customer can plan a private VLAN ID; changes in the operator's network will not affect the customer's network.

    QinQ does not require signaling protocols; only static configurations need to be made; configurations are simple and stable.

    QinQ has expanded VLAN resources and enables the operator to classify access users according to VLAN IDs.


    QinQ QOS

    The QOS feature of the S8500 core switch can realize:

    For uplink traffic (messages with single tags)

    QOS is enabled according to the internal VLAN ID

    Mapping to the external COS according to the internal COS

    Mapping to DSCP according to the internal COS

    Mapping to the local priority queue according to the internal COS

    Basis of the QinQ Technology

    How to realize Ethernet QOS in the QinQ network?

    The message with an 802.1Q tag at the customer side contains the 802.1p priority level. After the tunnel port attaches an external tag, the message contents cannot be identified in layer-2 transfer. How to realize Ethernet QOS in the QinQ network?


    Challenges for the QinQ technology

    Basis of the QinQ Technology

    The QinQ described above is port-based QinQ; its principle is: when an equipment port receives a message, the switch labels the message with a default VLAN tag, whether the message already has a VLAN tag or not.

    New challenges

    In the QinQ network, the operator's network is transparent for customers. In case there is redundancy in the connection between a customer and the operator's network, a loop will be generated.

    New technology: selected QinQ.

    The principle of port-based QinQ is: when an equipment port receives a message, the switch labels the message with a default VLAN tag, whether the message already has a VLAN tag or not. In this case, if the message already has a VLAN tag, it will have two tags. If the message is untagged, it will have a default VLAN tag.

    New challenges: in the QinQ network, the operator's network is transparent for customers. In case there is redundancy in the connection between a customer and the operator's network, a loop will be generated. (See customer A in the QinQ application schematic map.)

    This challenge requires the operator's network to transparently transmit STP/RSTP/MSTP messages. In this way, the customer can construct an STP tree outside the operator's network and hence cut off the redundant link (BPDU-Tunnel).

    Some operators propose user classification according to the user VID or other features, rather than user access ports (selected QinQ).


    QinQ BPDU Tunnel

    Layer-2 protocol messages are also called BPDU messages.

    The following requirements must be satisfied so that BPDU messages can be transparently transmitted in the operator's QinQ network:

    All branches in a customer network can receive their BPDU messages.

    BPDU tunnels in different customer networks must be isolated from one another to avoid interference.

    BPDU Tunnel principles

    How to solve the two problems?

    Layer-2 protocol messages are also called BPDU messages. Their transparent transmission tunnels in the operator's network can be called layer-2 protocol tunnels or BPDU tunnels.

    So how to solve the two problems brought up in the slide?

    First: when receiving a BPDU message on the Tunnel port, the port labels the message with a tag allocated by the operator. Such tags are used to identify BPDU messages in different VPNs. In the operator's network, BPDU messages are transmitted as normal data messages.

    Second: to avoid the customer's BPDU message being processed by the operator's network equipment, a multicast MAC shall be attached to each encapsulated BPDU message as the destination MAC. This ensures that the messages are sent to the different branches in the VLAN allocated by the operator. When a message goes out of the Tunnel port, the VLAN tag is removed and the destination MAC is changed back to the BPDU MAC.

    Characteristics of BPDU messages: BPDU messages are layer-2 control messages of bridge equipment. They are correlative globally in the equipment and have no VLAN tags.

    In traditional bridge equipment, if a received BPDU message is not supported or enabled, it will be propagated on all ports; otherwise, it will be processed in the equipment before it is transferred.


    BPDU-Tunnel Packet

    BPDU packet:
    DA 01-80-C2-00-00-00 | SA 00-0F-E2-07-F2-E0 | Length(2) | DSAP(1) 0x42 | SSAP(1) 0x42 | Control(1) 0x03 | Protocol Data | FCS

    BPDU-Tunnel packet:
    DA 01-00-0C-CD-CD-D0 | SA 00-0F-E2-07-F2-E0 | Length(2) | DSAP(1) 0x42 | SSAP(1) 0x42 | Control(1) 0x03 | Protocol Data | User_Info | FCS

    DA: the BPDU destination address is modified to the multicast MAC.
    User_Info: this part is added to identify the user network.

    Realization of the BPDU Tunnel

    QinQ BPDU Tunnel

    Upon receiving a BPDU message, the Tunnel port modifies the destination MAC into a multicast MAC (01-00-0c-cd-cd-d0). Identification information, such as the user information, is inserted in front of the FCS. The multicast MAC ensures that the message is propagated in the VLAN; it also identifies the message as a BPDU-Tunnel message. When receiving the message, the switch submits it to the CPU for processing; it recovers the BPDU identity and sends the message to the corresponding customer network according to the user information identification in the message.

    Modifying the BPDU destination address to multicast MAC. Destination: 01-00-0c-cd-cd-d0. Source address: 00-0F-E2-07-F2-E0; the source of the BPDU messages sent by Huawei's switches is this MAC. According to the above descriptions, we can find that BPDU messages and BPDU-Tunnel messages are both in LLC encapsulation. At present, Huawei's realization method is consistent with the realization method of Cisco. Tests showed that Huawei's equipment can interwork with Cisco's equipment.
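    The destination-address rewrite and operator tag described for the BPDU tunnel can be traced on real bytes. The following Python sketch is an added example, not part of the original course material or of any vendor implementation; the function names and the all-zero BPDU body are constructed, customers are distinguished by the operator VLAN tag as in the "BPDU Tunnel principles" notes, and the User_Info field is not modelled because the page does not give its layout.

```python
import struct

STP_DA = bytes.fromhex("0180c2000000")     # 01-80-C2-00-00-00 (from the slide)
TUNNEL_DA = bytes.fromhex("01000ccdcdd0")  # 01-00-0C-CD-CD-D0 (from the slide)
SRC = bytes.fromhex("000fe207f2e0")        # 00-0F-E2-07-F2-E0 (from the slide)
LLC_STP = bytes([0x42, 0x42, 0x03])        # DSAP, SSAP, Control
TPID = 0x8100


def build_bpdu(src, bpdu):
    """802.3/LLC frame without FCS: DA, SA, Length, LLC header, BPDU."""
    body = LLC_STP + bpdu
    return STP_DA + src + struct.pack("!H", len(body)) + body


def is_customer_bpdu(frame):
    return frame[:6] == STP_DA and frame[14:17] == LLC_STP


def operator_bridge_action(frame):
    """What a bridge inside the operator network does with the frame."""
    if frame[:6] == STP_DA:
        return "consume"       # handed to the local STP process, not forwarded
    return "flood-in-vlan"     # treated as ordinary multicast data


def tunnel_ingress(frame, operator_vlan):
    """Customer -> operator. BPDUs get the tunnel DA; every frame gets the tag."""
    if frame[:6] == TUNNEL_DA:
        # Assumption of this example: the tunnel address is refused from the
        # customer side so that the egress rewrite stays unambiguous.
        return None
    if is_customer_bpdu(frame):
        frame = TUNNEL_DA + frame[6:]
    return frame[:12] + struct.pack("!HH", TPID, operator_vlan) + frame[12:]


def tunnel_egress(frame, operator_vlan):
    """Operator -> customer. None if the frame belongs to another customer."""
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != TPID or (tci & 0x0FFF) != operator_vlan:
        return None
    frame = frame[:12] + frame[16:]            # remove the operator tag
    if frame[:6] == TUNNEL_DA and frame[14:17] == LLC_STP:
        frame = STP_DA + frame[6:]             # restore the BPDU MAC
    return frame


def demo():
    bpdu = build_bpdu(SRC, bytes(35))          # constructed all-zero BPDU body
    tunneled = tunnel_ingress(bpdu, 10)
    return {
        "before": operator_bridge_action(bpdu),
        "inside": operator_bridge_action(tunneled),
        "restored": tunnel_egress(tunneled, 10) == bpdu,
        "other_customer": tunnel_egress(tunneled, 20),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```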


    Basis of the QinQ Technology

    Applications of BPDU Tunnel

    Principles and Applications of Selected QinQ


    Characteristics of selected QinQ

    Principles and Applications of Selected QinQ

    Based on the stream classification results, selected QinQ can determine whether to attach external VLAN tags and the type of external VLAN tags. Different bearer schemes are executed for different services.

    [Figure: frame fields DA MAC, SA MAC, Tag, IP, Protocol, Data, FCS]

    Selected QinQ is also called the stream classification based Nested VLAN feature. Each user can implement operations on messages that match specific ACL stream rules.

    Based on the stream classification results, selected QinQ can determine whether to attach external VLAN tags and the type of external VLAN tags. Selected QinQ can be implemented according to the user VLAN tag, MAC address, IP protocol, source address, destination address, priority level, or port number of the application program. With the above stream classification methods, external VLAN tags can be encapsulated onto messages according to different users, different services and different priority levels; different bearer schemes are executed for different services.


    Principles and Applications of Selected QinQ

    Inter-service-area traffic distribution by ports

    Scene 1 of selected QinQ applications

    [Figure: access switches carrying user VLANs 2, 3, 1001, 1002, 2001 and 2002 over trunks; toward the MAN, VLAN 10 carries VLAN1-XXX, VLAN 20 carries VLAN1XXX and VLAN 30 carries VLAN2XXX]

    Inter-service-area traffic distribution by ports: the ordinary Internet user PC VLAN is in the range of 1~1K; the IPTV user VLAN is in the range of 1K~2K; the VIP customer Internet access VLAN is in the range of 2K~3K...

    Ordinary Internet users: VLAN range 1~1K, with external VLAN10

    IPTV users: VLAN range 1K~2K, with external VLAN20

    VIP customer Internet access: VLAN range 2K~3K, with external VLAN30


    Principles and Applications of Selected QinQ

    Traffic distribution by message protocol numbers

    Scene 2 of selected QinQ applications

    [Figure: user VLAN 2 and VLAN 3 reach the switch; toward the MAN, PPPOE traffic is carried in VLAN 10 and IPOE traffic in VLAN 20]

    Traffic distribution by message protocol numbers: ordinary PCs use the PPPoE protocol to access the Internet; IPTV adopts the IPoE protocols. The terminals are connected to the uplink via a VLAN. The QinQ technology can be used to distribute traffic according to the different protocol numbers of messages, for example PPPoE and IPoE messages.

    In Huawei's 8500 switch, each PPPoE message of an ordinary Internet PC is attached with external VLAN10; each IPoE message of the IPTV is attached with external VLAN20.


    Principles and Applications of Selected QinQ

    Traffic distribution by message destination IP addresses

    Scene 3 of selected QinQ applications

    [Figure: toward the MAN, messages matched by destination IP are carried in VLAN 10 and messages whose destination is the VOIP service control in VLAN 20]

    Traffic distribution by message destination IP addresses: for service application messages with the same source IP address and the same message encapsulation, for example messages generated from the SoftPhone program, traffic can be distributed via the selected QinQ technology according to the destination IP addresses of the messages.

    Each ordinary Internet data message is attached with external VLAN10; each VOIP message with a specific destination address is attached with external VLAN20.
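    Scenes 1 to 3 are the same mechanism with different match fields, so one first-match rule table covers them. The following Python classifier is an added example, not part of the original course material or of the 8500 switch's configuration; the rule format and names are hypothetical, the range boundaries (1-1000, 1001-2000, 2001-3000) are an assumed reading of "1~1K, 1K~2K, 2K~3K", IPoE is taken to mean EtherType 0x0800, and the addresses are constructed.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import Optional, Tuple

TPID = 0x8100
PPPOE = (0x8863, 0x8864)  # PPPoE discovery and session EtherTypes
IPV4 = 0x0800


@dataclass
class Rule:
    outer_vlan: int
    inner_vlans: Optional[range] = None         # match on the customer VLAN
    ethertypes: Optional[Tuple[int, ...]] = None
    dst_net: Optional[str] = None               # match on IPv4 destination


def extract(frame):
    """Return (inner VLAN or None, EtherType, IPv4 destination or None)."""
    off, vlan = 12, None
    etype = struct.unpack_from("!H", frame, off)[0]
    if etype == TPID:
        vlan = struct.unpack_from("!H", frame, off + 2)[0] & 0x0FFF
        off += 4
        etype = struct.unpack_from("!H", frame, off)[0]
    dst = None
    if etype == IPV4 and len(frame) >= off + 22:
        dst = ipaddress.ip_address(frame[off + 18:off + 22])
    return vlan, etype, dst


def classify(frame, rules):
    """First matching rule wins, like an ACL; None means no outer tag."""
    vlan, etype, dst = extract(frame)
    for r in rules:
        if r.inner_vlans is not None and (vlan is None or vlan not in r.inner_vlans):
            continue
        if r.ethertypes is not None and etype not in r.ethertypes:
            continue
        if r.dst_net is not None and (
                dst is None or dst not in ipaddress.ip_network(r.dst_net)):
            continue
        return r.outer_vlan
    return None


def add_outer_tag(frame, rules):
    outer = classify(frame, rules)
    if outer is None:
        return frame
    return frame[:12] + struct.pack("!HH", TPID, outer) + frame[12:]


# Scene 1: outer VLAN chosen by inner VLAN range (assumed boundaries)
SCENE1 = [Rule(10, inner_vlans=range(1, 1001)),
          Rule(20, inner_vlans=range(1001, 2001)),
          Rule(30, inner_vlans=range(2001, 3001))]
# Scene 2: outer VLAN chosen by protocol number
SCENE2 = [Rule(10, ethertypes=PPPOE), Rule(20, ethertypes=(IPV4,))]
# Scene 3: specific VoIP destination first, everything else after it
SCENE3 = [Rule(20, ethertypes=(IPV4,), dst_net="192.0.2.10/32"), Rule(10)]


def frame(etype, payload=b"", vlan=None):
    """Constructed test frame (broadcast DA, locally administered SA)."""
    tag = struct.pack("!HH", TPID, vlan) if vlan is not None else b""
    return (b"\xff" * 6 + bytes.fromhex("020000000001") + tag
            + struct.pack("!H", etype) + payload)


def ipv4_header(dst):
    """Minimal constructed 20-byte IPv4 header; only the addresses matter here."""
    return (bytes([0x45, 0]) + struct.pack("!H", 20) + bytes(8)
            + ipaddress.ip_address("198.51.100.7").packed
            + ipaddress.ip_address(dst).packed)


if __name__ == "__main__":
    print(classify(frame(IPV4, ipv4_header("203.0.113.5"), vlan=1500), SCENE1))
    print(classify(frame(0x8864, vlan=2), SCENE2))
    print(classify(frame(IPV4, ipv4_header("192.0.2.10"), vlan=2), SCENE3))
```

    Rule order matters in the scene 3 table: placing the catch-all rule first would send the VoIP messages into external VLAN10 as well.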


    Principles and Applications of Selected QinQ

    Traffic can be distributed by the internal VLAN tags of the QinQ.

    Scene 4 of selected QinQ applications

    [Figure: concatenated switches apply port-based QinQ (VLAN 10 over VLAN 100, VLAN 20 over VLAN 200, VLAN 30 over VLAN 300, VLAN 40 over VLAN 400); toward the MAN the messages are shown as VLAN 10 over VLAN 100, VLAN 10 over VLAN 300, VLAN 20 over VLAN 200 and VLAN 20 over VLAN 400]

    In the concatenated networking mode, some concatenated switches have adopted port-based QinQ. In this case, traffic can be distributed via the selected QinQ according to the internal VLAN tags of the QinQ.

    The ordinary QinQ attaches external VLAN10 to VLAN100; it attaches VLAN30 to VLAN300; VLAN100 and VLAN300 belong to the same VPN user. Hence in the 8500 switch, external tag VLAN10 is attached according to VLAN100 and VLAN300 of the QinQ message.


    Typical applications of selected QinQ

    Principles and Applications of Selected QinQ

    [Figure: campus access switch and DSLAM (VLAN 101-301) connect to the S8500; the S8500 connects to the BRAS and the Internet with VLAN 1001-1003, to the Multicast Router with VLAN 302 and to the DHCP Server with VLAN 303]

    Each user has one VLAN (internal tag) to be isolated from other users.

    Users can be distributed to different VLANs (with external tags) according to different applications to isolate the applications.

    The above is the networking of the selected QinQ application most commonly used by operators. In general, the telecom broadband user group includes users who access the switch via the campus network; the others are ADSL users who access via the DSLAM.

    Let me briefly introduce the characteristics of this networking case:

    1. VLAN101-200 users accessed from the campus network are ordinary users; this group is allocated public network VLAN1001 by the 8500 switch. VLAN201-300 users are VIP users accessed from the campus network; this group is allocated public network VLAN1002 by the 8500 switch. VIP users have high requirements on network performance; hence the bandwidth of VIP users shall be guaranteed via QOS.

    2. ADSL users accessed from the DSLAM are VLAN 101-300 users, who get an IP address for Internet access via PPPOE dialing; this group is allocated public network VLAN1003 by the 8500 switch.

    3. VLAN 301 is dedicated to multicast. IPTV users accessed via the DSLAM or the campus network shall access multicast programs via VLAN 301. IPTV client terminals first get IP addresses from the DHCP server; then they join the IGMP group on the 8500 switch to access multicast programs.

    4. For Internet users, the 8500 switch attaches a public network tag to each Internet user message before the message is submitted to the BRAS for processing. Each user undergoes authentication, authorization and layer-2 termination on the BRAS.


    Module 3

    Devices-Huawei & Cisco


    Huawei CX200D


    Hardware Architecture of the CX200D

    Dimensions: 442 mm × 220 mm × 43.6 mm

    Port switch capacity / forwarding performance: 8.8Gbps / 6.6Mpps

    Interface type: 24*10/100TX+2*GE(SFP)

    Power: DC/AC 25W

    CX200D-EA

    CX200D

    S2300SI/EI capability : 8.8Gbps/ 6.6Mpps

    S3300SI/EI capability : 12.8Gbps / 9.6Mpps

    Product List:

    S2318P-SI 16*10/100TX+2*GE(SFP)

    S2318P-EI 16*10/100TX+2*GE(SFP) (Enhanced L2)

    S2326P-SI 24*10/100TX+2*GE(SFP)

    S2326P-EI 24*10/100TX+2*GE(SFP) (Enhanced L2)

    S3328TP-SI 24*10/100TX+2*GE(SFP)+2*GE Combo

    S3328TP-EI 24*10/100TX+2*GE(SFP)+2*GE Combo (Enhanced L3)

    S3352TP-SI 48*10/100TX+4*GE Combo

    S3352TP-EI 48*10/100TX+4*GE Combo (Enhanced L3)

    S2309P-SI 8*10/100TX+1*GE(SFP)

    S2309P-EI 8*10/100TX+1*GE(SFP)

    In the EA there are 2 extra SFP ports; these are combo ports. If we use them, we can't use 2 FE ports.


    CX200D Significant Features

    Selective QinQ & Vlan Mapping

    RRPP

    IEEE802.3ah

    IGMP Snooping

    QoS

    DHCP Option82

    HGMP


    Selective-QinQ Make Service Provisioning Easier

    [Figure: user1 and user2 each send VLAN1 (VoIP service), VLAN2 (BTV service) and an Internet VLAN (VLAN3 for user1, VLAN4 for user2) to the CX200D; across the access aggregation network toward the NPE, the BRAS and the IP/MPLS core the messages are shown with VLAN10, VLAN20 and outer tag 30 (VLAN30). Frame format on the user side: C-MAC-DA, C-MAC-SA, C-VLAN-TAG, C-ETH-TYPE, C-DATA; on the network side: C-MAC-DA, C-MAC-SA, S-VLAN-TAG, C-VLAN-TAG, C-ETH-TYPE, C-DATA]

    VLAN Translation: change the VLAN tag as necessary, making service provisioning more flexible.

    Selective QinQ: insert different outer tags based on different inner tags.

    4096 * 4096 = 16 million VLANs


    Selective QinQ

    1. Modify C-VLAN ID

    [Figure: the frame DATA | 3 | SA | DA at the UNI (FE/GE) becomes DATA | 5 | SA | DA at the NNI]

    2. Add S-VLAN ID

    [Figure: the frame DATA | 3 | SA | DA at the UNI (FE/GE) leaves the NNI with S-VLAN ID 6 added]

    In selective QinQ we use normal VLAN packets.

    On a certain port we send multiple VLANs; in normal QinQ the same VLAN is used in the public network.

    In selective QinQ we can change the public VLAN as per the private VLAN ID.


    VLAN Mapping 1:1

    [Figure: user-side Vlan 1, Vlan 2 and Vlan 3 are carried as Vlan 100/200/300 on the network side]

    Global mapping

    vlan 1 -> vlan 100

    vlan 2 -> vlan 200

    vlan 3 -> vlan 300


    VLAN Mapping & QinQ: Application in IPTV

    [Figure: in Campus 1 and Campus 2, each Home Gateway serves an IPTV set and a PC with VLAN1 and VLAN2. At the access layer (S2000TP-EA) VLAN1 is mapped to VLAN1001 and VLAN2 to VLAN1002. Labels on the way through the aggregation layer and the POP to the BRAS: VLAN2001@VLAN1, VLAN2001@VLAN2, VLAN 3001@VLAN 1001 and VLAN 3001@VLAN 1002 for Campus 1; VLAN2002@VLAN1, VLAN2002@VLAN2, VLAN 3002@VLAN 1001 and VLAN 3002@VLAN 1002 for Campus 2]

    Two VLANs per HG; the same VLANs for different users.

    Enable 1:1 VLAN mapping on the user port of the switch (PUPSPV).

    Selective QinQ based on VLAN for Internet and IPTV service.

    PUPSPV is realized based on the same HG configuration and 1:1 VLAN mapping on the ports of the CX200D Series Metro Ethernet.

    At the Home Gateway edge, VLAN1 is for the PC to access the Internet with broadband service, and VLAN2 is for IPTV service.

    At the access layer we use 1:1 VLAN mapping.

    At the campus network, we use the QinQ feature.


    Metro Network

    RRPP: Rapid Ring Protection Protocol

    [Figure: Main Ring with a Main Node (Main Port, Slave Port) and Transit Nodes, Sub-Ring 1 and Sub-Ring 2, User1 and User2; labels: Hello Packet, Block Status, Link Failure, Link-Down Notification]

    RRPP provides an Ethernet ring solution with ordinary Ethernet ports.

    Less than 50 ms failure protection.

    Ring spans support Link Aggregation.

    Huawei proprietary protocol.

    RSTP/MSTP switchover time is too high for our network; we need max 50 ms.

    We have to manually define the main node (main switch) and declare the main port to configure RRPP. In STP everything is done automatically.

    The number of nodes in the ring has not been stated yet.

    A standard protocol RPR can also be used for


    RRPP

    RRPP Feature

    [Figure: CX200D switches between the UPE and the NPE toward the Metro Core; labels: Main node, Main port, Slave port, Transit Node, Hello Packet, Block Status]

    RRPP can be used in a dual-homed protection network.

    RRPP can be applied between CE and UPE, or between UPE and NPE.

    User side devices are the RRPP Main Node in the protection domain and block the Slave Port.

    Service can be switched between the Master Port and the Slave Port.

    RRPP supports Trunk.


    Ethernet OAM: 802.3ah Protocol

    The 802.3ah protocol is used to solve the "Last Mile" problem, and is also suitable for the Ethernet link between two devices.

    Main Functions

    OAM Auto Discover

    OAM Link Monitor

    Remote Fault Notify

    OAM Remote Loopback

    Remote Taking MIB

    [Figure: two CE-PE panels (CX200D, CX380) across the User to Network Interface; one shows a Link Failure Message, the other a Link Loopback Message and a Test Message]

    Ethernet OAM 802.3ah verifies the connectivity, fault isolation, performance monitoring and troubleshooting capabilities of Ethernet services. Its objective is to push Ethernet technology widely into the access network market of carriers. EthOAM can improve network performance and reduce OPEX and CAPEX. The 802.3ah protocol includes all the technology elements Ethernet must have, such as physical criteria for cable, P2P fiber and P2MP fiber, and OAM mechanisms.

    OAM: Operations, Administration and Maintenance

    Only the CX box can support this.


    IGMP Snooping

    [Figure: IGMP snooping topology. Labels: Internet, VOD Server1, VOD Server2, Multicast Router, CX200D, Multicast Group Member (three), Video Stream]


    Multicast function Feature

    High Reliable Multicast

    Only one copy for whole ring

    IGMP Snooping V1/V2

    MVLAN+

    Native L2 multicast forwarding, easy to deploy and maintain

    50ms switch over

    IGMP fast leave, fast zapping

    [Figure labels: Convergence Layer, Core Layer, STP/RRPP, CX200D]


    Transmission of DHCP Messages

    Process of transmitting DHCP messages when the function of forcibly appending the Option 82 field is enabled.

    [Figure: message sequence between the DHCP client, the CX and the DHCP server. Between client and CX: DISCOVER, OFFER, REQUEST, ACK, Data transmit, RELEASE. Between CX and server: DISCOVER+Option82, OFFER(+Option82), REQUEST+Option82, ACK(+Option82), RELEASE+Option82]

    The Option 82 field carries the inbound interface number and VLAN ID of DHCP messages.

    After being initialized, the DHCP client sends a DHCPDISCOVER message to the DHCP server. The Option 82 field is forcibly appended to the DHCPDISCOVER message on the CX.

    When receiving the DHCPDISCOVER message that carries the Option 82 field, the DHCP server sends a DHCPOFFER message that carries the Option 82 field to the DHCP client. The CX removes the Option 82 field from the DHCPOFFER message and then sends the message without the Option 82 field to the DHCP client.

    The DHCP client sends a DHCPREQUEST message to the DHCP server to respond to the DHCPOFFER message sent by the DHCP server. The Option 82 field is forcibly appended to the DHCPREQUEST message on the CX.

    When receiving the DHCPREQUEST message that carries the Option 82 field, the DHCP server sends a DHCPACK message that carries the Option 82 field to the DHCP client. The CX removes the Option 82 field from the DHCPACK message and then sends the message without the Option 82 field to the DHCP client.

    The DHCP client sends a DHCPRELEASE message to the DHCP server to actively release the IP address assigned by the DHCP server. The Option 82 field is forcibly appended to the DHCPRELEASE message on the CX.
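
    The append-and-strip handling described in the steps above, as an added Python example (not part of the course material and not Huawei's implementation). The Circuit ID layout (2-byte VLAN ID plus ASCII port name), the function names and the sample packets are constructed for illustration; discarding a client-supplied Option 82 before appending is an assumption about what "forcibly" means here.

```python
import struct

FIXED_LEN = 236                      # BOOTP fixed header length
MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie
PAD, END, MSG_TYPE, RELAY_INFO = 0, 255, 53, 82
CIRCUIT_ID = 1                       # Option 82 sub-option 1 (RFC 3046)


def parse_options(packet):
    """Return the DHCP options of a packet as a list of (code, value)."""
    if packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC:
        raise ValueError("missing DHCP magic cookie")
    options, i = [], FIXED_LEN + 4
    while i < len(packet) and packet[i] != END:
        if packet[i] == PAD:         # single-byte padding, no length field
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated DHCP option")
        length = packet[i + 1]
        options.append((packet[i], packet[i + 2:i + 2 + length]))
        i += 2 + length
    return options


def build(packet, options):
    """Re-emit the fixed header with a new options area."""
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return packet[:FIXED_LEN] + MAGIC + body + bytes([END])


def encode_circuit_id(port, vlan):
    """Constructed layout (assumption): 2-byte VLAN ID, then ASCII port name."""
    payload = struct.pack("!H", vlan) + port.encode("ascii")
    return bytes([CIRCUIT_ID, len(payload)]) + payload


def decode_circuit_id(option82):
    """Inverse of encode_circuit_id; returns (vlan, port)."""
    well_formed = (len(option82) >= 4 and option82[0] == CIRCUIT_ID
                   and option82[1] == len(option82) - 2)
    if not well_formed:
        raise ValueError("unexpected Option 82 layout")
    return struct.unpack("!H", option82[2:4])[0], option82[4:].decode("ascii")


def from_user_side(packet, port, vlan):
    """User side to network side: drop any Option 82 the client supplied,
    then append one that reflects the real inbound interface and VLAN."""
    options = [(c, v) for c, v in parse_options(packet) if c != RELAY_INFO]
    options.append((RELAY_INFO, encode_circuit_id(port, vlan)))
    return build(packet, options)


def from_network_side(packet):
    """Network side to user side: remove Option 82 before the client sees it."""
    kept = [(c, v) for c, v in parse_options(packet) if c != RELAY_INFO]
    return build(packet, kept)


def make_message(msg_type, extra=()):
    """Constructed sample packet: zeroed fixed header plus option 53."""
    return build(bytes(FIXED_LEN), [(MSG_TYPE, bytes([msg_type]))] + list(extra))


if __name__ == "__main__":
    discover = make_message(1)       # DHCPDISCOVER from the client
    relayed = from_user_side(discover, "Eth0/0/1", 100)
    print(decode_circuit_id(dict(parse_options(relayed))[RELAY_INFO]))
    offer = make_message(2, [(RELAY_INFO, encode_circuit_id("Eth0/0/1", 100))])
    print(parse_options(from_network_side(offer)))
```

    Because the value is written by the switch rather than the client, the upstream server can key address policy or logging on the port and VLAN without trusting anything the client sent.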


    Networking diagram of DHCP Option 82

    [Figure: networking diagram. Labels: IP/MPLS core, DHCP server, DHCP relay agent, CX enabled with DHCP snooping (Eth0/0/1, Eth0/0/2, Eth0/0/3), LSW, DSLAM, DHCP client (two)]

    As shown in the figure, DHCP Option 82 is enabled on the CX. The function of forcibly appending the Option 82 field to DHCP messages is enabled on Ethernet 0/0/1, Ethernet 0/0/2, and Ethernet 0/0/3. For the DHCP messages sent from the user side, the CX appends the Option 82 field to them. In this manner, the inbound interface number and VLAN ID of the DHCP messages are provided for the upstream device. For the DHCP messages sent from the network side, the CX removes the Option 82 field. In this case, clients can still receive the DHCP messages.


    HGMP (Group Management Protocol)

    Automatic discovery

    Topology collection and display

    Automatic configuration download

    Rapid deployment

    Convenient maintenance

    Saves on management IP addresses

    Plug and Play

    [Figure labels: DMS, HGMP Client, HGMP Server, Metro Ethernet]

    Save OPEX!

    Combines multiple LAN switches into a single big LAN switch


    Product Features


    L2 Transparent LAN Service (TLS)


    L2 Protocol Tunneling (L2TP)

    L2TP allows the propagation of specific Layer 2 PDUs to be tunneled through a Layer 2 network.

    PDUs that can be tunneled are VLAN Trunking Protocol, STP, CDP.

    L2TP is based on PPP. It takes the packet of any protocol (IP, IPX, etc.) and encrypts it to deliver over the Internet using IP.

    (Layer 2 Tunneling Protocol) A protocol from the IETF that allows a PPP session to travel over multiple links and networks. L2TP is used to allow remote users access to the corporate network. PPP is used to encapsulate IP packets from the user's PC to the ISP, and L2TP extends that session across the Internet.


    Aggregate QoS Model


    QoS Functions


    Multicast Support


    Problem to Distribute Multicast in L2 Ring

    We have 2 user VLANs per switch in the ring, and 28 user VLANs are sent over each trunk in the ring.

    We need to be able to send all multicast streams to each user.

    In standard multicast distribution, the BAN needs to replicate multicast streams to potentially 28 user VLANs.

    28 copies of each multicast packet might travel over the ring.


    Problem to Distribute Multicast in L2 Ring


    MVR Operation


    IGMP Snooping


    Supervisor Subsystem

    Managing control plane traffic for the switch

    Provides address learning capabilities


    ACL

    Network security through Cisco access control lists (ACLs) based on Layer 2 through Layer 4 information

    Access control for all packets

    Lookups done in hardware: less delay

    Security at the edge

    Minimizes congestion by filtering unwanted traffic


    Other features

    Simplified network management through the Cisco Cluster Management Suite (CMS) Software

    Telnet traffic is encrypted (Secure Shell)

    Supports SNMP v3: encrypts admin traffic during the SNMP session

    MAC address notification: alerts the administrator when a user comes onto the network.

    DHCP Interface Tracker: provides switch & port ID to the DHCP server


    Cisco ME 3400


    Cisco ME 3400

    24 Ethernet 10/100 ports

    2 SFP gigabit uplinks (GBIC in 3550)

    30W max power consumption (25 W less than 3550)

    Operating temperature - 50 deg (5 more than 3550)


    Cisco Catalyst 3750


    Cisco Catalyst 3750

    12 SFP based Gigabit ports

    32 Gbps high speed stacking bus

    Power consumption 120W max


    Huawei CX600


    Contents

    1. Introduction to CX600

    2. Service Features of CX600

    3. Application of CX600


    Positioning of CX600

    [Figure: network positioning diagram. Layers: Access, Aggregation, Edge, Core, Application. Labels: MSP CX600, DSLAM, CMTS, AG, NodeB, Acc Switch, SBC, RNC, SoftX, Internet, Headend, VoD, CS, VoDES, SGSN, P, PE, BRAS]

    The CX600 Metro Services Platform (MSP) is a high-end Ethernet product. It focuses on Ethernet services access, aggregation and transmission in the metro area. It is mainly located at metro access and aggregation points and can provide FE, GE, 10 GE and RPR interfaces with line-speed performance.

    Position of CX600-8:

    1. CX600-8 is a Metro Services Platform and supports abundant Metro Ethernet services.

    2. Special for Ethernet aggregation; brings L3 access to the network margin.

    3. Does not support POS, ATM, E1/E3 and T1/T3 interfaces for WAN application.


    CX600 System Architecture

    [Figure: CX600 system architecture. Labels: LPU, FAN (redundancy), SRU (1:1 redundancy), SFU (3+1 redundancy), Switching Fabric, Monitor Bus, Control Bus, Data Bus]

    Redundancy design for all components, no single point of failure

    Distributed forwarding architecture to eliminate performance bottlenecks and maximize throughput

    Separated data bus, control bus and monitor bus

    2:1 speedup (= switching capacity : port capacity), non-blocking crossbar switching fabric


    CX600 Line Card

    [Figure: CX600 line card block diagram. Labels: Framer, SMPFE, TCAM, CP, control module, physical interface, TM, Buffer, fabric interface, management interface]

    Micro cell switching

    VOQ

    4 priorities

    Wire speed & low latency 10G forwarding capability

    Per user per service ingress & egress H-QoS guarantee

    Large packet buffer to reduce packet loss rate, meet requirements of critical services

    VOQ to avoid HOLB (head of line blocking) issue and maximize throughput

    32K flow queues per direction

    8 queues per port

    5 level H-QoS

    100ms buffering

    200K FIB

    16K ARP

    128K MAC

    8K ACL

    1K CAR


    Major Functions & Characteristics

    supports the 2*10G/slot,

    IPv6

    Ethernet OAM

    perfect carrier-class feature

    RPR Bridge Mode

    FE, GE, 10GE

    1G, 2.5G, 10G RPR

    BFD, GR, and TE,

    22,000 FIB entries.

    ME features (RRPP, BPDU Tunnel, QinQ termination, DHCP+), HQOS are newly added, which satisfy the marketing requirements of the Metro Ethernet

    V200R002: 2008Q1 GA

    V200R001: 2007-08-10 GA

    ME features: Metro Ethernet


    Software features (1)

    Name of Software Features: Remarks

    Interface binding (IP TRUNK and Ethernet TRUNK): Supports the cross-service LPU binding.

    TRUNK interface HASH load balancing

    RPR (10G, 2.5G, 1000M)

    GRE tunnel

    IPv4 unicast service

    IPv4 multicast service

    Supports RIP, OSPF, IS-IS, and BGP4. Supports BGP Accounting and BGP MD5.

    Weak policy-based routing

    IGMPv3, PIM-SSM, Multicast Source Control

    Common layer 2 features (interface isolation in VLAN, VLANIF, QinQ, and STP/MSTP)

    128K MAC addresses per slot

    VLAN Mapping (1 to 1)

    DHCP+ (IP, MAC, Interface, and VLAN binding)


    Software features (2)

    Name of Software Features: Remarks

    RRPP (for Ethernet and Ethernet-Trunk)

    RRPP ring multicast isolation feature

    BPDU Tunnel

    FIB table supports the load balancing: Supports complete load balancing and supports eight ECMPs of load balancing.

    LSP load balancing: Supports the LSP traffic-based load balancing and the fault switch less than 50ms.

    MPLS TE

    LDP over TE: LDP over TE for PE/P

    TE over TRUNK (IP TRUNK, Ethernet TRUNK)

    MPLS L3VPN

    Supports three kinds of inter-domain modes: Option A, B and C.

    Supports ISIS, OSPF, RIP, BGP, and static route.

    Can be access to the PE in static routing. The OSPF supports 1000 instances.

    Supports the HoPE.

    MPLS L2VPN (VLL/PWE3, VPLS, HVPLS): Supports the following two kinds of protocol modes: Martini and Kompella.


    Software features (3)

    Name of Software Features: Remarks

    VPLS over TE

    Static LSP is accessed to VPLS

    QinQ termination is accessed to VPLS, L2VPN, and L3VPN

    Multicast VPN

    MPLS OAM

    MPLS Ping, MPLS Traceroute

    IS-IS and fast convergence: The IS-IS convergence on the whole network is less than 1s, and convergence of the single node is less than 50ms.

    IP/LDP FRR

    TE FRR

    VPN FRR


    Software features (4)

    Name of Software Features: Remarks

    BFD for FRR, VRRP, and ISIS

    BFD for BGP, OSPF, TRUNK, and VLANIF

    BFD for VRF, Cisco Interconnection

    BGP/ISIS/OSPF/LDP GR

    VLL (LDP mode)/VPLS GR

    L3VPN GR

    HQOS (FADD only)

    VPN QoS (Resource Reservation VPN)

    QPPB

    Tunnel/VPN statistics

    NTP

    SSHv2

    IPTN TPE

    NetStream for IPv4


    Specification of CX600

    Description: CX600

    Interface: Ethernet, RPR, GRE, NetStream

    PPP/MP: NO

    IPV6: FIBv6 3K, ACLv6 1K, ARPv6 1K

    FIB: 200K

    Routing Table: 1M

    OSPF Neighbors: 256, Default 50

    OSPF Interfaces: 256, Default 50

    OSPF Session/Instances: 256, Default 50

    ISIS Neighbor: 256, Default 50

    ISIS Interfaces: 256, Default 50

    ISIS Instances: 256, Default 50

    BGP Neighbors: 256, Default 50

    Description: CX600 V2R1

    VPN-Instance: 1K, Default 500

    ARPv4: 16K

    IPV4 ACL per Board: 8K

    Max. IPv4 ACL per Equipment: 64K

    H-QOS Levels: 5-level Scheduler

    FQ per Board: Ingress 24K, Egress 24K

    MAC per Board: 128K

    QinQs per Board: 16K

    MPLS LSP Tunnels: 64K

    MPLS TE Tunnels: 1K

    Multicast core Routing Table: 4K

    SRU Memory: 2Gbps, Default: 1G


    Introduction to Boards

    Newly Added LPUs

    1*10GBase-LAN-XFP Optical Interface LPU

    1*10GBase-WAN-XFP Optical Interface LPU

    10*1000Base-X-SFP SFP Optical Interface LPU

    24*10/100/1000Base-TX-RJ45 Electrical Interface LPU

    24*100/1000Base-X-SFP Optical Interface LPU

    1*OC-192c/STM-64c RPR-XFP Optical Interface LPU

    2*OC-48c/STM-16c RPR-XFP Optical Interface LPU

    4*OC-48c/STM-16c RPR-XFP Optical Interface LPU

    2*1000M RPR-SFP Optical Interface LPU

    4*1000M RPR-SFP Optical Interface LPU

    Service Processing Circuit Board-NetStream Processing

    Service Processing Circuit Board-TSU Service Processing


    Introduction to Interface Types

    Type: Interface (Remarks)

    Ethernet: 10G LAN (XFP)

    Ethernet: 10G WAN (XFP)

    Ethernet: GE (SFP)

    Ethernet: GE (RJ45)

    Ethernet: FE (SFP)

    RPR: 10G RPR (XFP)

    RPR: 2.5G RPR (SFP)

    RPR: 1000M RPR (SFP)

    Optical Module: XFP 10G 10Km (For 10G WAN and RPR, the distance is 2Km)

    Optical Module: XFP 10G 40Km

    Optical Module: XFP 10G 80Km (Only for 10G WAN and 10G RPR)

    Optical Module: XFP 10G 300m (Only for 10G LAN)

    Optical Module: SFP GE 550m/10Km/40Km/80Km/100Km

    Optical Module: SFP CWDM 1GE 70Km

    Optical Module: SFP 1000BaseT RJ45 Auto negotiation

    Optical Module: SFP 2.5G 2Km/15Km/40Km/80Km


    Contents

    1. Introduction to CX600

    2. Service Features of CX600

    3. Application of CX600


    Networking Capacities

    Core layer is responsible for the high-speed forwarding of service data.

    Edge and aggregation layer serve as the access point of various services.

    Access layer is responsible for the user access (DSLAM, converged-switch, AG, NodeB).

    The services access the network for forwarding through the BRAS, the centralized PE, or the aggregation node, based on the service type.


    Networking Capacities

    DSLAM: Access individual services through the permanent virtual circuit (PVC). Adds VLAN or QinQ tag based on the types of users and services.

    Switch: Refers to the access switch that converges the Layer 2 corporate services to the aggregation node.

    Aggregation node: Distinguishes the VLAN or QinQ user services, forwards Layer 3 services or VPN services, or transparently transmits services to the BRAS or the centralized PE through the IP or MPLS technologies.

    Distribution node: Converges the services in ME and terminates the IP or MPLS pipes and transparently transmits the services to the BRAS or the centralized PE.

    BRAS: Refers to a device that processes PPPoE login services of individual users.

    PE: Refers to the centralized service node, which can also serve as the distribution node. PE accesses the services that should be converged and processed, such as centralized L3VPN services.

    P/PE: Refers to the core forwarding node or the edge node on the backbone network. P or PE rapidly forwards the services or accesses the services to the