ZXR10 8900E Series Core Switch Product Description Version: 3.01.01 ZTE CORPORATION No. 55, Hi-tech Road South, ShenZhen, P.R.China Postcode: 518057 Tel: +86-755-26771900 Fax: +86-755-26770801 URL: http://ensupport.zte.com.cn E-mail: support@zte.com.cn LEGAL INFORMATION Copyright © 2013 ZTE CORPORATION. The contents of this document are protected by copyright laws and international treaties. Any reproduction or distribution of this document or any portion of this document, in any form by any means, without the prior written consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by contractual confidentiality obligations. All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE CORPORATION or of their respective owners. This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose, title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the use of or reliance on the information contained herein. ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications covering the subject matter of this document. Except as expressly provided in any written license between ZTE CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter herein. ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice. Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information. The ultimate right to interpret this product resides in ZTE CORPORATION. Revision History Revision No. Revision Date Revision Reason R1.0 2013-06-24 First edition Serial Number: SJ-20121213142710-002 Publishing Date: 2013-6-24 (R1.0) SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Contents About This Manual ......................................................................................... I Chapter 1 Product Positioning and Characteristics ............................... 1-1 1.1 Product Positioning ............................................................................................ 1-1 1.2 Product Characteristics....................................................................................... 1-2 Chapter 2 Functions and Features ........................................................... 2-1 2.1 L2 Functions ...................................................................................................... 2-1 2.1.1 Basic Ethernet Functions .......................................................................... 2-1 2.1.2 VLAN Functions ....................................................................................... 2-2 2.1.3 Link Aggregation ...................................................................................... 2-4 2.1.4 L2 Multicast ............................................................................................. 2-5 2.2 L3 Functions ...................................................................................................... 2-5 2.3 MPLS and VPN Functions .................................................................................. 2-8 2.4 QoS ................................................................................................................ 2-10 2.5 Clock Synchronization ...................................................................................... 2-12 2.6 Protection for Reliability .................................................................................... 2-13 2.7 Security and Authentication............................................................................... 2-16 2.8 Network Traffic Analysis.................................................................................... 2-19 Chapter 3 Product Structure ..................................................................... 3-1 3.1 Product Overview............................................................................................... 3-1 3.2 Hardware Structure ............................................................................................ 3-4 3.3 Supported Boards .............................................................................................. 3-6 3.4 Software Structure.............................................................................................. 3-9 Chapter 4 Technical Specifications .......................................................... 4-1 Chapter 5 Networking Applications.......................................................... 5-1 5.1 Application in an Metro Ethernet Network............................................................. 5-1 5.2 Application in a Data Center................................................................................ 5-2 5.3 Application in Ethernet Layer 2 Convergence ....................................................... 5-3 5.4 Application in an Enterprise Network ................................................................... 5-4 5.5 Application in FTTx............................................................................................. 5-5 5.6 Application in a Core Network Bearer .................................................................. 5-6 5.7 Application in IP RAN ......................................................................................... 5-7 Chapter 6 Operation and Maintenance..................................................... 6-1 I SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential 6.1 NetNumen U31 Unified Network Management Platform ........................................ 6-1 6.2 Maintenance and Management ........................................................................... 6-2 Chapter 7 Protocol and Standard Compliance ........................................ 7-1 Figures............................................................................................................. I Tables ............................................................................................................ III Glossary .........................................................................................................V II SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential About This Manual Purpose This manual describes the positioning, characteristics, functions and features, architecture, network application, operation and maintenance, technical specifications, and complied protocols and standards of the ZXR10 8900E series products. Intended Audience This manual is intended for network planning engineers. What Is in This Manual This manual contains the following chapters: Chapter Summary 1, Product Positioning and Describes the positioning and characteristics of the ZXR10 8900E series Characteristics products. 2, Functions and Features 3, Product Structure 4, Technical Specifications 5, Networking Applications Describes the major functions and features supported by the ZXR10 8900E. Describes the appearance, hardware structure, supported boards, and software structure of the ZXR10 8900E. Describes the basic specifications, interface specifications, and system functions and features of the ZXR10 8900E. Describes typical application of the ZXR10 8900E in actual networking solutions. 6, Operation and Mainte- Describes the management and maintenance of the NetNumen U31 uni- nance fied network management platform and the ZXR10 8900E. I SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential II SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 1 Product Positioning and Characteristics Table of Contents Product Positioning ....................................................................................................1-1 Product Characteristics ..............................................................................................1-2 1.1 Product Positioning The ZXR10 8900E series core switches are new-generation, enhanced core switches. These switches provide extra large system capacity, high-density ports, and powerful service features to satisfy core equipment requirements of MAN, data center, campus, and enterprise network environments. The ZXR10 8900E, designed as a user-oriented, large-capacity, and distributed system, provides high-density GE, 10 GE, and 40 GE/100 GE port solutions. The ZXR10 8900E uses energy-efficient components and uses an intelligent mechanism for managing fans, power supply, and physical ports to solve capacity expansion problems for users. The ZXR10 8900E provides high convergence with low costs, reduces the investment fee per user, saves space occupied by devices, and lowers power consumption. The ZXR10 8900E helps users to build highly-efficient, intelligent, and reliable networks, and reduces maintenance and duplicate investment costs by improving network reliability and stability. The ZXR10 8900E performs the following functions: l l l l Provides comprehensive security protection to guarantee network core security. Provides multi-level QoS to guarantee end-to-end service experience and improve network quality. Provides reliable protection for users from device, link, to network levels by independent monitoring platform, reconfigurable software, and various switchover technologies. Supports multi-service bearer and the IPv6 technology to provide IPTV solutions, fulfilling the need of integrated data and voice bearer and various networks. The ZXR10 8900E series products include ZXR10 8912E, ZXR10 8908E, ZXR10 8905E, and ZXR10 8902E, which respectively provide 12, 8, 5, and 2 service slots and support a variety of high-density interface boards and service functions. For their overview, see Figure 1-1. 1-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 1-1 ZXR10 8900E Series Products 1.2 Product Characteristics Multi-scenario and All-service Ideas The ZXR10 8900E provides all-service support, satisfying hierarchical and multidimensional requirements of users and covering network hotspots and mainstream scenarios such as Metro E, IPTV bearer, FTTX ultra wide band (UWB) convergence, IP-based 2G/3G/LTE Backhaul bearer (IP RAN), FMC network convergence, data center, and campus network. The specific characteristics include: l l l l l l A variety of VPN technologies, enhanced functions such as MPLS L3 VPN and VPLS, MPLS-TE, and multi-service bearer capability Rich QoS capabilities to support VPN QoS and provide differentiated services for different application Layer-2 and layer-3 multicast protocols to provide high-rate multicast duplication capability and leading IPTV solutions to satisfy the requirements for large-capacity IPTV subscriber access and high-performance IP multicast video application SynE and 1588v2, Bits and GPS clock interfaces, and four types of clock source to implement frequency synchronization, providing perfect clock synchronization and transmission solutions to radio access networks (RANs) and industry dedicated devices (such as power supply) and achieving an all-IP-based mobile bearer network and fix-mobile convergence (FMC) for all-service operators Distributed IPv6 to implement ASIC-based full wire-speed IPv6 forwarding, a variety of IPv4/v6 transition technologies, and IPv6 multicast and application management, protecting profits of customers and adapting to network service development requirements Hierarchical intelligent operation and maintenance, and graphical network management system, allowing users to easily perform multi-service deployment and management 1-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 1 Product Positioning and Characteristics 40G/100G Port for a High-speed Era Giving full consideration to future network requirements, the ZXR10 8900E builds a next-generation network core by extra large capacity and high performance. Thus, it helps mobile operators to meet mass traffic requirements, broadband operators to fulfill increasing P2P and video demands, and enterprises to deal with intensive traffic by using cloud computing, and finally provides Tbit/s ultra-high-speed networks. The specific characteristics include: l l l A new switching network architecture that provides the largest single-slot switching capacity and whole-NE switching capacity in the industry Up to 96 40GE ports and or 576 10GE ports for a whole NE Smooth upgrade of 100GE ports to fully protect investors' benefit Multidimensional Security Model, Reinforcing the Network Core The ZXR10 8900E, focusing on the network core, provides a five-start network service guarantee through a 5-level model covering safe architecture, safe control, safe operating system, safe computing, and safe services. l Safe architecture Supports hot backup for the control and forwarding engine, quick active/standby switchover, redundant backup and intelligent check, control and alarm for power supply, fan, and clock modules, and hot-swapping for all components. l Safe control Provides high system stability by isolating control, monitoring, and forwarding. l Safe operating system Uses ZTE's new-generation multi-process software platform ZXROS, which provides the most advanced software architecture reliability in the industry to implement function modularization, intelligent and dynamic loading, parallel processing, flexible expansion of new functions, and process-based intelligent dormancy that guarantees service upgrade without interruption. l Safe computing Provides multi-thread parallel high-performance computing based on multiple CPUs to guarantee seamless connection on different planes. l Safe services Supports a variety of reliability technologies and equipment-level to network-level protective switching technologies, and guarantees smooth operation of all services by the industry-leading OAM capability and security protection functions. Low Carbon and Energy Efficient ZTE is always committed to the R&D and application of "environment-friendly data" products and solutions, and insists on sustainable development and environment 1-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description efficiency. Based on product lifecycle considerations, ZTE makes all efforts to reduce its products' influence on the environment. The specific characteristics include: l l l l 40nm highly-integrated chips, proper PCB layout, optimized heat dissipation design for a single board or the whole cabinet, and highly-efficient power switch to guarantee an energy-efficient high-performance system. Intelligent power consumption control system: The power consumption control module of the operating system supports dynamic port power saving, intelligent line card startup, power supply, process dormancy, and service adjustment, 5-level fan speed adjustment, and fan sector control to achieve the maximum balance for the performance-to-consumption ratio. Harmless material purchase, green certification for the production process, renewable, biodegradable, and environment-friendly packaging and shipping material, in compliance with domestic and international RoHS standards and the concept of "green earth, care nature". Reconstructable operating system architecture and ideal remote management tools, which greatly improve installation, debugging, operation and maintenance efficiency, increase the remote maintenance ratio, reduce OPEX, and lower attendance and environment costs. 1-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features Table of Contents L2 Functions ..............................................................................................................2-1 L3 Functions ..............................................................................................................2-5 MPLS and VPN Functions..........................................................................................2-8 QoS .........................................................................................................................2-10 Clock Synchronization ..............................................................................................2-12 Protection for Reliability............................................................................................2-13 Security and Authentication ......................................................................................2-16 Network Traffic Analysis ...........................................................................................2-19 2.1 L2 Functions 2.1.1 Basic Ethernet Functions MAC Address Management The ZXR10 8900E provides the basic functions of maintenance MAC address learning and synchronization, and implements the following management functions: l l l l l MAC MAC MAC MAC MAC address address address address address binding filtering number restriction permanence multi-view display Port Mirroring The port mirroring function automatically duplicates traffic from one port to another port, so that a network administrator can analyze the traffic in real time when solving network problems. Port mirroring provides a monitoring approach for the network administrator. For the ZXR10 8900E, any port can be configured as a mirrored port. The supported mirroring types include: l l l l l Mirroring between ports of different rates Many-to-one port mirroring One-to-many port mirroring Many-to-many port mirroring Inter-line-card port mirroring, supporting simultaneous mirroring of multiple mirroring groups 2-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l RSPAN, ERSPAN, and other remote port mirroring Stream-based mirroring Port Security Protection The ZXR10 8900E supports the following port security protection functions: l l l l Port traffic control, broadcast storm suppression, jumbo restriction, rate negotiation for effective data traffic control on a port, which prevents network congestion and ensures normal network service operation. Line diagnosis, analysis, and testing, which checks whether lines or links are normal and accurately locates line-specific faults, making network management and fault locating more easy. Loop detection for some or all ports (no detection by default), which checks for the loops of the subscribers or switches connected to these ports, so that switch broadcast storms and other abnormal situations can be avoided and the influence can be constrained to the specific ports. VLAN-based loop detection not only for the VLAN where the PVID of a port is located, but also for a VLAN specified by the subscriber on a port, which supports loop detection on up to eight VLANs at the same time. 2.1.2 VLAN Functions The ZXR10 8900E supports 802.1Q VLANs. For an untagged packet, the ZXR10 8900E supports adding a subnet-based, protocol-based, or port-based VLAN tag to fulfill rich VLAN functions. In the 802.1Q VLAN protocol, a VLAN ID is represented by a 12-bit numeral. As a result, the number of VLANs is limited to 4096 and cannot satisfy actual application requirements. The ZXR10 8900E expands VLAN in four aspects including QinQ, PVLAN, VLAN translation, and layer-3 related super VLAN. QinQ QinQ allows multiple VLAN tags in an Ethernet frame. A subscriber's private network VLAN tag is encapsulated into a public network VLAN tag, and then the double-tagged frame goes through the backbone network, providing a simple 2-layer VPN tunnel for the subscriber. The ZXR10 8900E implements static configuration for QinQ. QinQ involves two VLAN types: l l Service VLAN (SVLAN) Customers VLAN (CVLAN) The ZXR10 8900E supports traditional SVLAN configuration and VFP-based SVLAN configuration. The latter can implement traffic-type-based tagging. 2-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features PVLAN All the servers are in the same subnet and can communicate only with their own gateway. This is called private VLAN (PVLAN). A PVLAN effectively guarantees data communication security for an access network by connecting all subscribers to a default gateway and isolating them from each other. Ports in the same VLAN cannot communicate with each, but they can traverse the trunk port. Thus, subscribers in the same VLAN are not affected by broadcast packets. A PVLAN does not need protocol packet support, and can be implemented on the ZXR10 8900E by static configuration. VLAN Translation VLAN translation is an extended VLAN function. If a switch port is enabled with VLAN translation, it is required that incoming data packets received on this port must be tagged packets. VLAN translation uses "port number + vid in the tagged packet" as an index to look up the MAC-VLAN table to obtain a new vid. Then, the packet is switched in the new VLAN. Thus, VLAN-to-VLAN translation is implemented. VLAN translation is implemented on the ZXR10 8900E by static configuration. Besides basic single-tag conversion, the ZXR10 8900E can also implement the following functions by combining VLAN translation and SVLAN: l l l l l l l When a single-layer frame is received, add an outer tag according to policies. Mapping policies or 1-to-1 mapping can be configured. When a single-layer frame is received, modify the inner tag and add an outer tag according to policies. Mapping policies or 1-to-1 mapping can be configured. When a double-layer frame is received, delete the outer tag according to policies. When a double-layer frame is received, delete the outer tag and modify the inner tag according to policies. Mapping policies or 1-to-1 mapping can be configured. When a double-layer frame is received, modify the outer tag according to policies. Mapping policies or 1-to-1 mapping can be configured. When a double-layer frame is received, modify the inner tag according to policies. Mapping policies or 1-to-1 mapping can be configured. When a double-layer frame is received, modify the inner and outer tags according to policies. Mapping policies or 1-to-1 mapping can be configured. Super VLAN VLAN aggregation divides VLANs into super VLANs and sub VLANs. Multiple VLANs (called sub VLANs) are aggregated into one super VLAN, and all use the IP subnet and default gateway IP address of the super VLAN. The ZXR10 8900E can specify a specific sub VLAN to send ARP packets or VRRP heartbeat packets. In addition, the ZXR10 8900E supports binding BFD to a specific super VLAN interface. 2-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description 2.1.3 Link Aggregation Link aggregation means that physical links of the same type of transmission media and the same transmission rate are bound together to obtain a logical link. Link aggregation increases bandwidth and achieves traffic load sharing. The ZXR10 8900E supports the aggregation of static and dynamic links for FE, GE, and 10 GE ports, as well as inter-line-card and inter-device link aggregation. Links aggregated on the ZXR10 8900E to obtain a logical port called smartgroup, which can be used as a common port. Static Aggregation Static port trunking allows multiple physical ports to be manually added to a trunk group to obtain a logical port. However, when using this aggregation method, users cannot easily observe the statuses of the aggregate ports. When configuring link aggregation on the ZXR10 8900E, comply with the following principles, which are also applicable to LACP: l l l Up to 128 trunk groups can be configured, each of which contains up to 8 member ports. A member port can be in access, trunk, or hybrid mode, and all the member ports must be in the same mode. Inter-interface-board aggregation is supported . Member ports can be distributed on any interface board, but selected ports must be in full-duplex mode at the same rate. LACP The Link Aggregation Control Protocol (LACP) complies with the IEEE 802.3ad standard. The LACP allows multiple physical ports to be aggregated into a trunk group to obtain a logical port called smartgroup. The LACP automatically performs aggregation to achieve the maximum bandwidth. LACP aggregation is divided into static aggregation and dynamic aggregation. The former is configured manually, while the latter is performed by dynamically adding ports to an aggregate group through related protocols. The ZXR10 8900E supports smartgroup configuration. Load sharing can be implemented by the following means, which are also applicable to static aggregation: l l l l l l By source MAC address, VLAN, Ethertype, and incoming port By destination MAC address, VLAN, Ethertype, and incoming port By source and destination MAC addresses, VLAN, Ethertype, and incoming port By source IP address and source TCP or UDP port number By destination IP address and destination TCP or UDP port number By source and destination IP addresses and source and destination TCP or UDP port numbers 2-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features MC-LAG Besides intra-line-card and inter-line-card link aggregation, the ZXR10 8900E also supports Multi-Chassis Link Aggregation Group (MC-LAG) and the Spanning Tree Protocol (STP). 2.1.4 L2 Multicast The ZXR10 8900E can implement layer-2 multicast and dynamically maintain a multicast group that users dynamically join and leave. IGMP Snooping Based on the layer-2 multicast technology, the ZXR10 8900E supports the IGMP snooping technology to effectively manage multicast group members, suppress multicast flooding in a layer-2 network, and prevent unauthorized users from receiving multicast traffic. If IGMP snooping is enabled on the ZXR10 8900E, multicast packets are multicast to specific ports on layer 2. If IGMP snooping is not enabled, multicast packets are broadcast to all ports on layer 2. The ZXR10 8900E also supports MLDv1/v2-based MLD snooping to implement smooth IPv4-to-IPv6 evolution. IGMP Proxy The ZXR10 8900E also supports the IGMP proxy function. Unlike IGMP snooping, which obtains multicast information by listening to IGMP traffic, the IGMP proxy mechanism blocks and processes the IGMP requests from terminal users, and forwards them to an upper-layer router. 2.2 L3 Functions IPv4 Routing Protocols RIP The Routing Information Protocol (RIP) is a distance-vector routing protocol based on the local network. The RIP uses UDP packets to exchange RIP routing information. A protocol packet to be transported is encapsulated into a UDP packet. The routing information in a RIP packet contains the number of hops in a path from the source to a destination. Each hop determines the route to the destination by the hop count. RFC has a limit on the hop count. The maximum hop count is 15. Therefore, the RIP is applied to internal gateways in small-size autonomous systems. On the ZXR10 8900E, the RIP has the following main functions: l l Sends and receives RIP packets according to the protocol, checks the correctness of the packets, and performs certain identity verifications. Supports RIPV1/V2, plain text and MD5 authentication, and route redistribution. 2-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l Uses split horizon and trigger update mechanisms to prevent routing loops and shorten route convergence time. Supports protocol debugging. OSPF The Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the IETF. The OSPF uses a link state routing and Shortest Path First (SPF) algorithms. The OSPF is loop-free, which is of great significance for mesh networks or LANs connected through multiple bridges. Each OSPF router maintains an identical database describing the Autonomous System (AS)'s topology. The database is composed of each router's partial state information, such as the router's available interfaces, neighbors, connected networks, and external routing information of the AS. On the ZXR10 8900E, the OSPF has the following main functions: l l l l l l l l l l Employs a hierarchical network topology that is applicable to large interconnection networks. Uses the dynamic routing algorithm Dijkstra to automatically and quickly trace network topology changes. Supports display and configuration commands from the primary console, SNMP-related command, display, and MIB variables. Supports routing protocol packet authentication, including simple password authentication and MD5 authentication, to prevent routing protocol packets from being illegally modified. Uses retransmission and confirmation mechanisms to guarantee the reliability of link-state synchronization. Supports a variety of distance metric solutions, such as physical distance, delay, and throughput. Supports stub area and NSSA functions Supports Area Border Routers (ABRs) and Autonomous System Border Routers (ASBRs). Supports classless routing and route aggregation. Controls route re-distribution and filtering by a route map. IS-IS The Intermediate System-to-Intermediate System (IS-IS) intra-domain routing protocol represents the OSI model for L3 switches. It can be applied to TCP/IP-based IP networks. The IS-IS protocol is easy to extend for other protocols mainly IPv6. The IS-IS system is divided into two layers: the backbone (L2) and areas (L1). An L3 switches can only belong to one area. Ll switches know only topology of their own area. All the traffic to other areas is sent through the closest L2 switch. L2 switches compose the backbone, which is similar to the backbone area 0 in OSPF. On the ZXR10 8900E, the IS-IS has the following main functions: l l l Supports L1/L2 address aggregation. Supports L1/L2 hierarchical routing and the ATT bit. Supports the three area addresses and smooth area address migration. 2-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features l l Supports load balancing for the same destination. Supports plain-text authentication for an interface or area. BGP The Border Gateway Protocol (BGP) is an exterior gateway protocol. Its basic function is to exchange loop-free routing information between multiple autonomous systems. The information exchanged by the BGP carries rich attributes, which help to construct the topology of ASs and implement AS-based routing policies. The routing information with AS IDs can also help eliminate routing loops. On the ZXR10 8900E, the BGP has the following main functions: l l l l l l l l Applied to mass network application and backbone networks. Supports eBGP and IBGP. Supports the eBGP multi-hop technology. Supports the community and route reflector attributes. Supports AS alliance and route suppression. Supports MP-BGP. Supports MD5 authentication and route filtering. Supports route redistribution. Policy Routing Policy routing matches specific values in an IP packet to with a policy set by a network management user. If the values satisfy the policy, the packet is forwarded according to the route specified by the policy. Otherwise, the packet is forwarded according to a conventional routing table. The ZXR10 8900E implements ACL-based policy routing. IPv6 Routing The ZXR10 8900E supports the following IPv6 unicast routing features: l l l l Supports IPv6 neighbor discovery protocols to discover routers and prefixes, resolve addresses, determine next-hops, redirect routes, and detect unreachable neighbors and duplicate addresses, bringing more flexibility to node mobility. Supports the IPv6 MTU discovery protocol to dynamically identify the maximum transmission unit (MTU) and ensure that the size of each packet sent by a node does not exceed the MTU value. Supports IPv6 static routing. Supports the IPv6-based dynamic routing protocols RIPng, OSPFv3, ISISv6, and BGP4+. IPv4 to IPv6 Transition The ZXR10 8900E provides multiple mechanisms for IPv4 to IPv6 transition. For example, the dual-stack technology and various tunneling technologies, which are applicable to different scenarios. The ZXR10 8900E supports the following features: l Supports IPv4/IPv6 dual-stack coexistence. 2-7 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l l l Supports Supports Supports Supports manually configured tunnels. 6to4 tunnels. ISATAP tunnels. 6PE tunnels. L3 Multicast The ZXR10 8900E supports the IGMPv2, IGMPv3, and MLDv1/v2 protocols, as well as IPv4/v6-based PIM-DM, PIM-SM, and PIM-SSM protocols, providing a complete set of multicast solutions. In addition, to provide enhanced and more reliable multicast services and guarantee the deployment and operation of the services, the ZXR10 8900E also supports the functions of multicast route guard and anycast RP. Controllable Multicast The ZXR10 8900E supports a complete set of controllable multicast features. It implements accurate control on multicast users by the functions of IGMP V1/V2/V3, IGMP Snooping, IGMP Proxy, IGMP Fastleave, multicast VLAN, Channel Access Control (CAC) , and Call Detail Record (CDR), The ZXR10 8900E also provides the following customized controllable multicast management functions to allow you to directly manage IPTV channels and subscribers: l l l l l l l Channel access control Channel management Package management Preview configuration Preview template management CDR recording Uniform network management through MIB The ZXR10 8900E provides these controllable multicast functions to allow the network operator to accurately control their multicast services, perform overall subscriber management, and flexibly deploy IPTV services. MCE The Multi-VRF CE (MCE) technology extends CE capabilities to support VRF functions. Devices providing the MCE function are called MCE devices. The ZXR10 8900E supports MCE configuration. 2.3 MPLS and VPN Functions Basic Functions of MPLS Multiprotocol Label Switching (MPLS) is a multi-layer switching technology. It combines layer 2 switching technologies with layer 3 routing technologies, using labels to aggregate 2-8 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features forwarded information. Running on the routing layer, MPLS supports various upper-layer protocols and can be implemented on different physical platforms. MPLS combines the performance and capabilities of Layer 2 switching with the flexibility and scalability of Layer 3 routing, and thus simplifies MPLS network management and optimizes network performance. Now, the ZXR10 8900E provides a complete set of MPLS protocols and mainly provides these functions: l l l l Supports the LDP and RSVP protocol. Supports TTL value decreasing, loopback detection, policy management, and penultimate hop popping. Supports automatic label distribution by downstream and free label retention mode. Supports LSP fast rerouting and RSVP-LSP establishment. MPLS TE MPLS TE combines traffic engineering with the MPLS protocol to allow service providers to precisely control the path through which traffic goes. Thus, congestion nodes can be avoided, and paths will not be too overloaded or too idle, allowing bandwidth resources to be fully utilized. In addition, during the establishment of an LSP tunnel, MPLS TE can reserve resources to guarantee the quality of service. The ZXR10 8900E supports MPLS TE and provides the following features: l l l l Provides the capability of forwarding IP packets through a non-IGP shortest path, effectively avoiding network congestion caused by unbalanced network traffic. Guarantees bandwidth by reserving bandwidth for key traffic, defining priorities, and using bandwidth preemption mechanisms, so that packets will not be dropped due to insufficient link bandwidth. Guarantees stable and reliable data transmission: When a link or transmission node fails, the link can be quickly switched to a backup one through MPLS TE FRR and MPLS TE. In addition, LSP full-path protection is supported, which greatly reduces negative impacts on traffic. Supports MPLS VPN over TE and LDP over RSVP, allowing TE tunnels to provide bandwidth guarantee and service isolation for MPLS VPN services. MPLS Layer 2 VPN MPLS layer 2 VPN falls into two categories: l l Virtual Private Wire Service (VPWS): Implements point-to-point communications between sites within a VPN. Virtual Private LAN Service (VPLS): Implements point-to-multipoint communications. In a VPLS network, a CE simply sends the data destined to all destinations to the PE connected to the CE. The ZXR10 8900E supports the VPWS drafted by Martini and the extended LDP to establish different LSPs according to service types. It also supports Ethernet and VLAN encapsulation, and LDP-based extended VPLS. 2-9 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description The ZXR10 8900E also supports hierarchical VPLS (HVPLS), with the access mode being PW or QinQ. MPLS Layer 3 VPN The ZXR10 8900E supports all MPLS L3 VPN functions, including: l l l l Address overlapping Static route, RIP, OSPF, and BGP access of a CE The extended community attribute, capability negotiation, and route update of the BGP Binding a VLAN to a VRF The ZXR10 8900E supports Multi-AS VPN, providing the following three inter-domain VPN deployment solutions: l l l VRF-to-VRF solution Single-hop MP-EBGP solution Multi Hop MP-EBGP solution 2.4 QoS Basic QoS As the IP network is evolving, more and more new services demand that the IP network provide predictable as well as reliable transmission. Users demand that their network can provide stable and high-performance services in any place and at any time. Traffic engineering is intended for optimizing network performance. It can map traffic to actual physical channels and meanwhile automatically optimize network resources to fulfill the serviceability required by particular application. It is a network engineering technology that allows both macro regulation and micro control. At present the key to traffic engineering is load balancing and network recovery. IP traffic engineering is to effectively implement the integration of the conventional best-effort IP service and the QoS. To fulfill the above objectives, the ZXR10 8900E provides the following functions: Traffic Classification Traffic means the packets sent through switches. Traffic classification is to classify the packets according to particular characteristics. To achieve this purpose, you can use an ACL, especially an extended ACL. Packets can be classified by various ACL filtering options, such as source/destination IP address, source/destination MAC address, IP protocol type, TCP source/destination port number, UDP source/destination port number, DSCP, ToS, IP Precedence, VLAN ID, and 802.1p priority. Traffic Policing 2-10 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features Traffic policing restricts the bandwidth for a specific service to reduce the impacts on other services. Actions taken when the traffic exceeds a limit include: l l l Dropping or forwarding the packet. Passing the packet through with a modification to the DSCP value. Passing the packet through with a modification to the drop priority (packets with a high drop priority are dropped first when the queue is congested) The ZXR10 8900E implements the Single Rate Three Color Marker (RFC2697) and (Two Rate Three Color Marker) (RFC4115) functions. Both algorithms support Color-Blind mode and Color-Aware mode. Traffic Shaping Traffic shaping controls the rate of outputted packets, so that all the packets are sent out in an even rate. Through traffic shaping, packet rates can match downstream devices, so that congestion and packet dropping can be avoided. The ZXR10 8900E supports traffic shaping at two levels, namely, VLAN-based traffic shaping and port-based traffic shaping. Thus, the system can implement multi-level traffic control and ensure hierarchical QoS and management. Congestion Avoidance The ZXR10 8900E uses the RED/WRED method to avoid congestion and improve network quality. The ZXR10 8900E WRED can perceive services, including the IP precedence, DSCP, and the MPLS EXP bit, and can set different early drop policies for the packets of different priorities, so that differentiated drop features are provided to different services. Queue Scheduling Each physical port of the ZXR10 8900E supports eight output queues (numbered from 0 to 7), which are called CoS queues. According to the CoS corresponding to the 802.1p tag in a packet, the ZXR10 8900E performs output queue operations on the ingress. In case of network congestion, multiple packets compete for resources. This problem can be solved by queue scheduling. The ZXR10 8900E supports three queue scheduling methods. The eight output queues on a port can use different scheduling methods. l l l Strict priority (SP) Weighted round robin (WRR) Dynamic weighted round robin (DWRR) The 802.1p tag contains packet priority information. If the packet entering a port does not carry a 802.1p tag, a switch allocates a default 802.1p value to the packet. Priority Tag A priority tag re-assigns a set of service parameters to the particular traffic described in an ACL. The following types of operations can be performed: l Modifying the CoS queue of a packet and the 802.1p value 2-11 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l l Modifying the CoS queue of a packet, but keeping the 802.1p value unchanged Modifying the DSCP value of a packet Modifying the drop priority of a packet Ethernet OAM At present, the ZXR10 8900E supports the following Ethernet OAM standards: l l IEEE 802.3ah (Operations, Administration, and Maintenance-OAM) IEEE 802.1ag (Connectivity Fault Management-CFM) The ZXR10 8900E supports Ethernet OAM functions that support the above mentioned standards. The functions include Ethernet continuity test (ETH-CC), Ethernet loopback (ETH-LB), Ethernet link tracing (ETH-LT), Ethernet frame loss measurement (ETH-LM), Ethernet frame delay measurement (ETH-DM), remote fault indication, and remote loopback. 2.5 Clock Synchronization The trend to IP-based bearer networks requires the Ethernet to provide accurate clock to the mobile wireless network, which has a strict requirement for high precision. Frequency synchronization and time synchronization are both needed. The ZXR10 8900E supports a synchronous Ethernet plus 1588v2 solution. It uses synchronous Ethernet to implement clock frequency synchronization, and uses IEEE 1588 to implement time synchronization by frequency fine tuning and time maintenance. The ZXR10 8900E can be configured with various clock source priorities, according to which the clock sources are selected. The clock source of the highest priority is used. When this clock source fails, a clock source of one priority level lower takes effect immediately. The clock source recovery policy is as follows: When the clock source of a higher priority is recovered, the clock can choose to switch to the clock source of the higher priority, depending on configuration. Clock Source The ZXR10 8900E supports five types of clock sources. The main control determines to distribute which clock source to the whole system. The five types of clock sources are: l l l l l Local clock: Local clock is used by system hardware, and it provides the most basic clock signals. BITS: Supports 2 MHz analog clock signals and 2 Mbits digital clock signals. GPS: As the conventional mobile network clock source, GPS provides highly accurate clock signals. It can provide 1PPS+TOD signals. SyncE: Support synchronous Ethernet interfaces to restore and retrieve clocks from the physical layer. 1588v2: The IEEE 1588v2 is a precision time protocol. By transmitting messages between active and standby devices, it implements accurate synchronization of the active/standby clock and time. 2-12 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features Synchronous Ethernet The ZXR10 8900E can retrieve line clocks from Ethernet links, and supports obtaining reference clocks through external synchronous interfaces (including BITS and GPS) as the input for the system clock selection function. According to synchronization state information or alarms, the system selects a proper clock source and export clock source. After determining the clock source, the system uses the highly accurate clock on Ethernet interfaces to send data and transfer synchronization state information to implement end-to-end sent/received data synchronization on the Ethernet physical layer. IEEE 1588 v2 The ZXR10 8900E implements the IEEE 1588 v2 protocol, and supports the following operational modes: l Normal clock Only one port supports the 1588 protocol, which can be configured as grandmaster or slave. l Border clock Multiple ports support the 1588 protocol, which can be connected to multiple normal clocks or transparent clocks. l Transparent clock The 1588 protocol does not run on each node, but the node needs to modify timestamps. When forwarding a time packet, the node updates the time correction field, which is in either E2E or P2P mode. Clock Protection The ZXR10 8900E supports two clock protection modes: l Port selection protection The ZXR10 8900E uses the SSM protocol and the best master clock (BMC) algorithm to implement automatic protective switching, and ensure reliable clock transfer. l Dual-main-control protection The ZXR10 8900E's active/standby main control modules always synchronize clock information. When a main control module receives a BITS or GPS clock signal, it directly forwards the signal to the other main control module. 2.6 Protection for Reliability Equipment Protection Main Control Module Protection The ZXR10 8900E provides carrier-class reliability. It provides two main control boards, each of which has control modules and switching modules. The two main control boards 2-13 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description work in load-sharing or redundancy backup mode. Redundancy is supported for switching modules and main control modules. If an active module fails, services and data will be switched to the standby module to guarantee uninterrupted data transfer and service operation. Power Module Protection To satisfy telecom carriers' strict requirements for equipment reliability, the ZXR10 8900E provides a hot backup design for power supply, and supports 48 V DC and 220 V AC power supply modes. DC power supply operates in 1+1 mode, while AC power supply operates in 1+1 backup or 2+1 backup mode depending on rack configuration. Thus the reliability of the power supply system is improved. In addition, the ZXR10 8900E's power supply system provides various intelligent mechanisms to protect power supply, detect and report faults according to parameters such as voltage, current, temperature. System Monitoring The ZXR10 8900E satisfies carrier-class reliability requirements, and provides a whole set of system monitoring approaches to reduce customers' maintenance costs and improve equipment stability and reliability. In terms of hardware, the ZXR10 8900E monitors ambient temperature, board temperature, fan status, power status, power consumption sampling (including PoE power supply), and air volume (or calculated by temperature if conditions do not permit). In terms of software, the ZXR10 8900E actively collects the information about ambient temperature, board temperature, fan status, power status, power consumption sampling (including PoE power supply), and air volume. If a fault occurs or an index exceeds its alarm threshold, the system raises an alarm and reports the fault. Alarm and fault information can be periodically stored and uploaded to a specified server. Network Detection Mechanisms During network equipment operation, link failures, single-point failures, and connectivity problems may occur. To discover all sorts of faults in the network in time, and provide protective measures, the ZXR10 8900E provides a series of effective network detection mechanisms. In addition to the detection techniques mentioned below, the ZXR10 8900E also supports many fault detection and locating methods such as UDLD, IP Ping, IP Trace, multicast Traceroute, LSP Ping, and LSP Traceroute. BFD The ZXR10 8900E supports the BFD of static routes, OSPF and other dynamic routes, and VRRP to implement fast convergence. The ZXR10 8900E supports combining BFD and FRR technologies to provide a fast fault detection mechanism and implement fast rerouting. OAM Detection OAM provides rich detection methods (mainly the Ethernet OAM technology) for identifying network faults. Through OAM packet detection, the system can detect the link status, node status, and tunnel connectivity, and trigger protective switching when finding a fault. 2-14 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features SQA The ZXR10 8900E supports ICMP-echo, DHCP, DNS, FTP, HTTP, UDP-jitter, SNMP, TCP, UDP-echo, Voice, and DLSw detection. It can link the detection results to functions such as VRRP. Intelligent Ethernet Protection The ZXR10 8900E supports ZTE Ethernet Switch Ring (ZESR), ZTE Ethernet Smart Switch (ZESS), and ZESR+, and provides ring network protection and dual-uplink link protection. ZESR/ZESS/ZSER+ comply with the ITU-T G.8032 standard. Layer 3 Routing Protection The ZXR10 8900E supports the following layer 3 routing protection functions: l l l Enhanced VRRP Route load sharing Graceful Restart (GR) VPN Protection The ZXR10 8900E supports layer 3 route protection, mainly including PW protection and MPLS VPN dual-home protection. MPLS VPN dual-home protection can be dual-homing a CE to two PEs or dual-homing a UPE to two NPEs. FRR Protection Supporting IP FRR The switching speed of IP Fast ReRoute (IP-FRR) reaches 50 ms, which can minimize data loss upon network failures. The IP FRR function computes backup routes in advance. If an active route fails, the IP FRR function does not re-compute routes, but switch traffic to a backup route. When the active route is restored to normal, the traffic is switched back to the active route. The ZXR10 8900E supports static routing, OSPF, IS-IS, and RIP fast rerouting. Thus traffic can be quickly switched in one direction, which satisfies the switching time requirement of services. Supporting LDP FRR The LDP FRR is an MPLS-related reliability technology. Through the Label Distribution Protocol (LDP), the LDP FRR distributes an active/standby label to a route. Due to the existence of standby labels, a router can rapidly respond to route changes and switch to a standby label to implement switching protection with 50 ms after a network failure occurs. The LDP FRR is a temporary protective measure. When the protected link is restored, the traffic will be switched back to the original LSP. The LDP FRR does not depend on the complicated MPLS TE technology, and need not establish standby LSPs respectively for links, nodes, and paths. So, the implementation is easy. Supporting MPLS TE FRR 2-15 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description The MPLS TE fast reroute (FRR) is a set of mechanisms in MPLS TE for protecting links and nodes. If an LSP link or node fails, the node where the failure is discovered will be protected, so that traffic can still pass through a protective link or node, and data transfer is not interrupted. Meanwhile, the head node can continue initiating primary path re-establishment. Supporting L3VPN FRR The L3VPN FRR solves the problem of end-to-end service convergence for a dual-home CE, the most common network model. If a PE node fails, the L3VPN FRR can control the end-to-end service convergence time within 1 s. The MPLS TE FRR only solves the failures of links or nodes, but it cannot implement end-to-end fast convergence in case of a PE failure, which requires VPN route convergence. 2.7 Security and Authentication ACL To filter data, a network device should be configured with a series of matching rules to identify the objects to be filtered. After particular objects are identified, the device permits or denies the passing of the corresponding data packets, depending on preset policies. An Access Control List (ACL) can be used to implement these functions. The ZXR10 8900E provides five types of ACLs: l l l l l Link ACLs IPv4 ACLs IPv4 mixed ACLs IPv6 ACLs IPv6 mixed ACLs Device Authentication AAA The ZXR10 8900E support Authentication, Authorization and Accounting (AAA). It can not only authenticate and authorize a subscriber by with the assistance of hierarchical command line protection, but also verify the validity of network management users in network management. By using the AAA mechanism, the ZXR10 8900E can effectively prevent illegal subscribers from logging in. For different subscriber access authentication policies, the device provides perfect AAA authentication and authorization functions. According to different access authentication requirements, you can configure different access authentication policies to perform authentication and authorization on subscribers selectively. The AAA supports three subscriber authentication modes: l l l Local account verification Remote Authentication Dial-In User Service (RADIUS) verification Terminal Access Controller Access Control System (TACACS+) verification 2-16 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features The AAA supports four authorization modes: l l l l Direct authorization: Subscribers are trusted and directly authorized. Local account authorization: Authorizes subscribers according to the locally configured accounts. TACACS+ authorization: TACACS+ can separate authorization from authentication. The TACACS+ server performs subscriber authorization. Authorization after successful RADIUS authentication: The RADIUS protocol does not allow the separation of authentication and authorization. SSH The Secure Shell (SSH), drafted by the IETF, is a security protocol established on the application and transport layers. The SSH is a reliable protocol that provides security particularly for remote login sessions and other network services. The SSH protocol can effectively prevent information leakage during remote management. Through the SSH protocol, data can be encrypted before transmission, and thus intermediary attacks can be avoided. The SSH supports two authentication modes: l l Password-based security verification Key-based security verification The ZXR10 8900E supports SSHv2 security verification. Hierarchical Commands The ZXR10 8900E implements authority-based hierarchical command management. Up to 16 command authority levels are supported. Different login subscribers are bound to different authority levels. The lower the level, the less commands the subscriber is allowed to use. The administrator, who has the highest authority level, can set different authority levels for commands, and thus customized command authority configuration is implemented. Access Security 802.1x The ZXR10 8900E's 802.1X module performs the following functions: l l l l l l Supports the authenticator's functions. Supports local authentication. Supports that the authenticator PAE sends or receives EAPOL frames through an uncontrolled port. Supports manipulating a controlled port by using AuthControlledPortControl parameter values including ForceUnauthorized, Auto, and ForceAuthorized. Supports manipulating a controlled port by using both AdminControlledDirections and OperControlledDirextions parameters. Supports periodic re-authentication for a supplicant according to a re-authentication timer. 2-17 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l Supports transparent transmission of 802.1x authentication packets when authentication is not required. DHCP The ZXR10 8900E supports DHCPv4 server, DHCPv4/v6 relay, DHCPv4/v6 snooping, and DHCP option82 functions. IP source guard By establishing the binding relations between a port and a VLAN, MAC address, or IP address, an IP source guard checks the packet source and allows traffic satisfying specific conditions to pass, and thus packet security control is implemented. The IP source guard establishes a binding table in either of the following forms: l l Static binding Dynamic binding The ZXR10 8900E supports IPv4-based and IPv6-based IP Source Guard function. DAI Dynamic ARP Inspection (DAI) sends ARP packets up to a CPU for processing. After determining that the ARP packet is legal or not, the CPU forwards or drops it. Network Security The ZXR10 8900E implements network-based security protection, and every module has the security checking function. In the ZXR10 8900E, network security functions are as follows: l l l l l l l l l l l l l l Prevents subscriber ARP snooping. Supports MAC address flood protection, which restricts the number of MAC addresses. Sets broadcast packet thresholds on a port. Filters layer 2, 3 and 4 ACLs together. Filters routes. Forbids ICMP redirection to prevent an attacker from sending fake ICMP packets. Prevents CPU attacks, provides protocol packet protection, distributes different hardware CPU queues to protocol packets, sets priorities, limit rates, performs QoS such as WRED, and protects CPU. Prevents DoS attacks by hardware queues, and supports preventing land | null-scan | ping-of-death | smurf | sys-fin | syn-port-less-1024 | xma-scan | ping-flood | syn-flood attacks (for ping-flood | syn-flood, rate limiting is supported). Prevents IPv4 URPF source address spoofing. Supports automatic broadcast storm suppression. Supports control/signaling MD5 authentication. Supports DHCP snooping. Supports DHCP snooping-based IP Source guard and DAI. Supports IPv6 ND security. DDoS Attack Prevention 2-18 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 2 Functions and Features As the network environment becomes more and more complicated, switches are facing the demand for higher attack prevention capabilities. There are many methods and policies for DDoS attack prevention. CPU protection is one of the major methods. The ZXR10 8900E's DDoS attack prevention supports most L2 and L3 protocols. L2 protocols mainly include some STP and MSTP packets, as well as layer 2 ring network packets of switches. L3 protocols mainly includes the IPv4 and IPv6 protocols. l l IPv4 protocols: OSPF, PIM, IGMP, VRRP, ICMP, ARPREPLY, ARPREQUEST, GROUP MNG, VBASE, VRRP ARP, DHCP, RIP, BGP, Telnet, LDP_TCP, LDP_UDP, TTL, BPDU, SNMP, MSDP, and RADIUS. IPv6 protocols: MLD, ND, ICMP6, BGP4+, RIPNG, OSPFv3, LDPTCP6, LDPUDP6, Telnet6, and PIM6. The ZXR10 8900E expands hierarchical CPU protection based on regular CPU protection. Hierarchical CPU protection includes hardware, software, and protocol stack protection. The ZXR10 8900E also prevents DDoS attacks by limiting MAC address learning, limiting the port flow rate, and multi-layer ACL filtering. uRPF The ZXR10 8900E supports strict, loose, and loose-ingoring-default-route Unicast Reverse Path Forwarding (uRPF). l l l Strict uRPF means that a packet is dropped if the egress found according to the source address does not exactly match the ingress, or is handled properly otherwise. Loose uRPF means that the packet is handled normally if a route is found according to the source address and the default route's egress is consistent with the ingress, or is dropped otherwise. Loose-ingoring-default-route uRPF means that the packet is handled normally if a route is found according to the source address and it is not the default route, or is dropped otherwise. ND Security The ZXR10 8900E supports the configuration of trusted switch ports, trusted switch addresses, and ND learning quantity limit. It supports ND snooping-based ND packet filtering by configuring a static binding relation between a port and a VLAN, IP address, or MAC address. It can also detect ND packets based on DHCPv6 snooping entries, allow legal packets to pass, so that network risks are minimized. 2.8 Network Traffic Analysis The ZXR10 8900E supports mainstream network traffic analysis technologies including IETF standard IPFIX and sflow. 2-19 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description This page intentionally left blank. 2-20 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure Table of Contents Product Overview .......................................................................................................3-1 Hardware Structure ....................................................................................................3-4 Supported Boards ......................................................................................................3-6 Software Structure......................................................................................................3-9 3.1 Product Overview The ZXR10 8900E uses a large-capacity rack architecture. The hardware system is composed of a chassis, a backplane, fan subracks, power supply modules, switching main control boards, and various link processing boards. ZXR10 8912E Overview For the ZXR10 8912E overview, see Figure 3-1. Figure 3-1 ZXR10 8912E Overview For the ZXR10 8912E structure, see Figure 3-2. 3-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 3-2 ZXR10 8912E Structure ZXR10 8908E Overview For the 8908E overview, see Figure 3-3. Figure 3-3 ZXR10 8908E Overview For the ZXR10 8908E structure, see Figure 3-4. 3-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure Figure 3-4 ZXR10 8908E Structure ZXR10 8905E Overview For the 8905E overview, see Figure 3-5. Figure 3-5 ZXR10 8905E Overview For the ZXR10 8905E structure, see Figure 3-6. 3-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 3-6 ZXR10 8905E Structure ZXR10 8902E Overview For the 8902E overview, see Figure 3-7. Figure 3-7 ZXR10 8902E Overview For the ZXR10 8902E structure, see Figure 3-8. Figure 3-8 ZXR10 8902E Structure 3.2 Hardware Structure The ZXR10 8900E series switch is a rack-based system and has three separate planes, including forwarding, control, and monitoring planes. The three planes work together to perform system functions. The system uses a new-generation high-capacity high-speed serial bus backplane to connect main control boards to various service line cards. The primary monitoring node on each main control board manages the monitored nodes on the line cards through a monitoring bus and collects monitoring information of the line cards to implement intelligent equipment management. 3-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure High-capacity High-speed Backplane The system has the up-to-date design of passive high-capacity high-speed backplane and connects main control boards and line cards through high-speed wiring, ensuring sufficient switching capacity required by system operation. Main Control Board Main control boards are important integrated boards working in 1:1 backup mode. Each main control board includes a high-performance CPU, a large-memory storage space, an inter-board switching module, a monitoring module, and a clock module. For 8912E/8908E/8905E, each main control board also includes a high-capacity switching matrix, which has a multi-plane independent design to guarantee its switching capability and future expansion. For the 8902E, main control boards do not have a switching matrix. Line cards implements back-to-back connection through a high-speed backplane. During operation, the ZXR10 8900E series switch's two main control boards interact closely. Service Line Cards Service line cards directly process packets and send them to specific ports on the destination service line cards. Each service line card has its own forwarding information base, and forwarding decisions are made locally, ensuring wire-speed switching capability. Service line cards are diversified, and they can support clock or monitoring features. Depending on requirements, the following types of service line cards can be provided for the time being: l l l GE service cards 10-GE service cards 40-GE service cards Power Supply The ZXR10 8900E has a brand new power supply design, which supports the main control system's remote signaling/control over power supply. Through an RS485 port, the main control system can intelligently monitor the temperature over/under-voltage, power-off alarms, and current-limited state of the power supply system. Intelligent Fan Shelf The ZXR10 8900E system uses an intelligent fan shelf to adjust each fan's speed, raises stalling alarms, and detect fan board temperature. In addition, the shelf can adjust fan speed of each slot according to temperature, so that energy is saved. 3-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description 3.3 Supported Boards Main Control Board For the ZXR10 8912E/8908E/8905E, switching and control modules are integrated on a main control board. The main control board mainly consists of a CPU subcard, switching chips, a clock system, and a monitoring subcard, and implements management and control over the whole system and switches data packets among various line cards. From the perspective of functionality, the main control board consists of switching, control, clock, monitoring, out-band communication, power supply, and logical modules. For the main control board diagram, see Figure 3-9. Figure 3-9 8912E/8908E/8905E Main Control Board Diagram The main control board of the ZXR10 8902E implements control functions. For the board diagram, see Figure 3-10. Figure 3-10 8902E Main Control Board Diagram Control Module 3-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure The control module consists of a main processor and some external functional chips. It provides various external operation interfaces, such as serial ports and Ethernet ports, to process various applications. The main control module mainly consists of the following functional units: l l l l Network management unit: Runs a network management protocol, such as SNMP. Protocol processing unit: runs network and routing protocols, such as OSPF, RIP, and BGP-4. The protocol processing unit maintains a global routing table and forwarding tables, and maintains the consistency among processor nodes. Monitoring unit: Provides operation and management interfaces for various line cards. Internal communication unit: Provides a high-speed signaling channel between boards, and allows the main control board to efficiently and accurately control the management CPUs of the other boards through the internal communication module, and to transfer routing information through that channel. The main control module has the following features: l l l l l l l l l High-performance CPU: Is capable of running layer 2 and layer 3 protocols and network management and monitoring programs. GE channel: Can be connected to a management interface to provide the functions of system management and program downloading and debugging. One RS232 serial port: Used for board debugging and management. Temperature checking: Each main control board has a temperature checking device that is connected to the CPU subcard to check the system temperature and reports the results to the back-end EMS. System log management: All system logs are stored in the system flash memory. Clock chips are mounted on the CPU interface to provide an accurate clock to the system. Active/standby switching, active/standby state signal indication, line card reset signals, and line card in-position checking. Faults are classified into warning faults and switchover faults. A routing data synchronization channel is provided between active and standby boards. Switching Module The switching module performs data switching for the whole system, providing a high-speed and non-blocking switching channel among all line card units. The switching modules uses a dedicated CROSSBAR chip, which integrates multiple high-speed bidirectional interfaces to perform wire-speed switching. The switching chip performs the following functions: l l l l Store-and-forward switching. Supports 16 KB jumbo frames. Supports priority queues that selectively drops frames in case of CoS queue congestion. Each port provides a set of management control counters. Clock Module 3-7 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description This system uses the synchronous Ethernet technology to implement clock frequency synchronization. It performs phase fine tuning and time maintenance according to the IEEE 1588 to synchronize clock time. The synchronous Ethernet can perform frequency synchronization by the reference clocks generated by four types of clock sources including local clock of the clock subcard, BITS (2MHz or 2Mbits), GPS, and line card clock recovery. Monitoring Module The monitoring module (IPMC) is a component of the device monitoring system. The monitoring module, hardware management bus, and software monitoring and management module compose the intelligent platform management system. The monitoring module mainly performs the following functions: l l l Information gathering: The monitoring module gathers information about the ambient temperature, board temperature, fan status, power supply status, and power sampling. Alarm: The monitoring module sets alarm parameters for all the monitored items mentioned above, and produces alarms in case of exceptions. Management: The monitoring module provides automatic or manual control of the fan speed, and monitors board power-on/off. Interface Modules The ZXR10 8900E series core switch's interface modules refer to line interface cards. Currently GE, 10 GE optical, and 40 GE optical interface boards are provided. All the optical interfaces of the ZXR10 8900E uses pluggable optical modules. Thus, one line card can satisfy the requirements for different transmission media and distances. and some line cards even provide different types of interfaces to reduce the need for extra line cards. All the electrical interfaces in a line card have the cable diagnosis function, which allows diagnosing cable connections at any time. During a diagnosis, short circuits and open circuits can be identified, and the location where a fault occurs can be specified, with the precision of 1 meter. For the main interface board types of the ZXR10 8900E, see Table 3-1. Table 3-1 8900E Interface Board Types Boar- Fixed Interface Line d/Card Processing Board Model Name E1GF24A H2GF24D Port Form Remarks 24-port NP enhanced 24 GE optical ports, NP extension is available, and MPLS, Gigabit optical interface supporting fast and large entries, Ethernet OAM, and board Gigabit SFP intelligent monitoring are supported. 24-port Gigabit optical 24 GE optical ports, MPLS, large entries, Ethernet OAM, interface board supporting fast and clock (SyncE or 1588v2), and intelligent Gigabit SFP monitoring are supported. 3-8 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure Boar- Fixed Interface Line d/Card Processing Board Model Name H2GF48D 48-port Gigabit optical interface board H2GT48D Port Form Remarks 48 GE optical ports, MPLS, large entries, Ethernet OAM, supporting fast and clock (SyncE or 1588v2), and intelligent Gigabit SFP monitoring are supported. 48-port Gigabit 48 GE electrical MPLS, large entries, Ethernet OAM, electrical interface ports, supporting clock (SyncE or 1588v2), and intelligent board fast and Gigabit monitoring are supported. adaptive. H2XF8D 8-port 10 Gigabit 8*10 GE optical MPLS, large entries, Ethernet OAM, and optical interface board ports, supporting intelligent monitoring are supported. 10G SFP+ S1XF12A 12-port 10 Gigabit 8*10 GE optical L2/L3, IPv4/v6 features, SyncE, and optical interface board ports, supporting intelligent monitoring are supported. 10G SFP+ 3.4 Software Structure Introduction The ZXR10 8900E series core switch is based on ZTE's new-generation IP protocol stack platform Zhong Xing Route Operating System (ZXROS). The protocols of the platform implements product-unrelated service functions. All software components can run in user state of the microkernel system, and thus the system security is enhanced. The software components belong to different independent process spaces, allowing illegal application operations to be isolated. Component-based management is used. Component functions can be independently developed, versions can be separately released, and components can be dynamically installed, uninstalled, or upgraded. Uninterrupted routing and distributed processing is supported. Fast and reliable inter-CPU synchronization is also supported. For the overall components of the ZXROS software platform, see Figure 3-11. 3-9 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 3-11 Framework of the New-generation ZXROS Software Platform System The ZXROS software platform system includes the following subsystems: l Route subsystem Includes unicast and multicast routing protocols. l L2 subsystem Includes various layer 2 protocols. l MPLS subsystem Includes the LDP, RSVP, and PWE3 protocols. l L3&PSS subsystem Includes TCP/UDP, ARP, ND, packet sending/receiving, interface management, routing table, label table management, forwarding table integration, and synchronization modules. l Configuration and resource management subsystem Includes ACL, route-map, L2VPN, and L3VPN configuration management modules, and label and IP pool resource management modules. l Application protocol subsystem Includes various application protocols such as Netflow, Radius, NTP, and Telnet. Software Characteristics The software platform's key and competitive technologies lie in the following aspects: l l l System kernel resources run in privileged mode. All software components run in user state in the microkernel system. Thus, the system security is enhanced. The software components belong to different independent process spaces, allowing illegal application operations to be isolated. Component functions can be independently developed, and versions can be separately released. 3-10 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 3 Product Structure l l l l l l l Software components can be dynamically installed, uninstalled, or upgraded online (ISCU-in-service component upgrade). Versions can be smoothly upgraded without service interruption, and service customization requirements can be satisfied. The software system architecture supports distributed protocol processing. That is, protocols use independent processes, and messages are sent between processes. Fast inter-CPU synchronization is supported by using reliable multicast packets, and thus the route convergence speed is improved. Command configuration and protocol processing are separated, and platform and product command scripts are loosely associated. A uniform external interface is provided. Fast secondary development is supported. Outsourced software can be optimized. Nonstop routing (NSR) is supported. Cluster technologies are supported. In addition, the ZXROS software platform has the following characteristics: l l l l l l l High reliability and stability: The software platform satisfies long-term stable network operation requirements. à Failures of one software component does not affect the other components. à Components are independently developed, released, and upgraded. à The platform and products are loosely coupled. Real-time performance: The software platform satisfies large dynamic routing protocols, network management protocols, and time requirement of data synchronization among multiple processors. Self-healing: System exceptions are detected, handled, and recorded. In case of an exception, the system can immediately perform recovery and switching. Maintainability: The usage and invoking status of core resources and system services can be traced and recorded. Software components are independent, making it easier to trace failures. Simplicity: The software platform only provides essential system services to applications, and shields unnecessary system services. Encapsulation: Hardware features can be totally shielded, so that the application layer is unrelated to the hardware. The software platform is uniform and portable to all processor applications. Smooth evolution: The software platform supports fast secondary development, and can quickly integrate outsourced software and respond to customers' requirements in time. 3-11 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description This page intentionally left blank. 3-12 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 4 Technical Specifications Basic Specifications For the basic features and physical specifications of the ZXR10 8900E, refer to Table 4-1. Table 4-1 Basic Features and Physical Specifications of the Device Description Attribute 8912E 8908E 8905E 8902E 19.2 Tbps 12.8 Tbps 8 Tbps 3.2 Tbps 5.12 Tbps 5.12 Tbps 3.2 Tbps 1.28 Tbps 3840 Mpps 3840 Mpps 2400 Mpps 960 Mpps 576 384 240 96 144 96 60 24 Dimensions 753 mm * 442 577 mm * 442 442 mm * 442 175 mm * 442 Phys- (height × mm * 446 mm mm * 446 mm mm * 446 mm mm * 420 mm ical width × pa- depth) rame- Weight (full 89.7 kg 64.9 kg 51.2 kg 24 kg ters configura- 14 10 7 4 12 8 5 2 Backplane bandwidth Basic Per- Switching capability form- Packet ance forwarding Spec- ratio ifications Number of GE ports Number of 10 GE ports tion) Total number Num- of slots ber of slots Number of service slots 4-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Description Attribute 8912E Power supply 8908E 8905E 8902E 1235 W 300 W 100 V–240 V, 50 Hz –60 Hz conditions (AC) Power supply Po- conditions wer (DC) supply Maximum -57 V–-40 V 2718 W 2084 W total consumption of the device in full configuration Operating Long-term: -5℃–+45℃ temperature Short-term: -5℃–+50℃ ron- Storage -40℃–+70℃ ment temperature re- Relative quire- humidity Envi- ments Earthquake 5%–95%, without condensed moisture Able to resist an earthquake of magnitude 8 resistance Interface Specifications For the optical and electrical interface features of the ZXR10 8900E, refer to Table 4-2. Table 4-2 Optical and Electrical Interface Features Port Type Feature Description 10 /100 /1000BASE-T In compliance with IEEE802.3z standards. RJ45 connector. Class 5 UTP twisted-pair wire, maximum transmission distance: 100 m. Half duplex/full duplex, MDI/MDIX. 100BASE-FX (SFP-M02K) LC connector, multi-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 2 km. Transmission power: -19–-14 dBm, reception sensitivity: <-30 dBm 100BASE-FX (SFP-S15K) SFP optical module. LC connector, single-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 15 km. Transmission power: -14–-8 dBm, reception sensitivity: <-31 dBm 4-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 4 Technical Specifications Port Type Feature Description 100BASE-FX (SFP-S40K) LC connector, single-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 40 km. Transmission power: -4–-0 dBm, reception sensitivity: <-37 dBm 100BASE-FX (SFP-S80K) LC connector, single-mode optical fiber, wavelength: 1550 nm, maximum transmission distance: 80 km. Transmission power: -3–+3 dBm, reception sensitivity: <-37 dBm 1000BASE-SX (SFP-M500) LC connector, single-mode optical fiber, wavelength: 850 nm, maximum transmission distance: 500 m. Transmission power: -9.5–4 dBm, reception sensitivity: <-17 dBm 1000BASE-LX (SFP-S10K) LC connector, single-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 10 km. Transmission power: -9–3 dBm, reception sensitivity: <-20 dBm 1000BASE-LX (SFP-S40K) LC connector, single-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 40 km. Transmission power: -4.5–5 dBm, reception sensitivity: <-22 dBm 1000BASE-LX(SFP-S40K- LC connector, single-mode optical fiber, wavelength: 1550 nm, 1550) maximum transmission distance: 40 km. Transmission power: -5–0 dBm, reception sensitivity: <-22 dBm 1000BASE-LH (SFP-S80K) LC connector, single-mode optical fiber, wavelength: 1550 nm, maximum transmission distance: 80 km. Transmission power: 0–3 dBm, reception sensitivity: <-22 dBm 1000BASE-LH (SFP-S120K) LC connector, single-mode optical fiber, wavelength: 1550 nm, maximum transmission distance: 120 km. Transmission power: 0–5 dBm, reception sensitivity: <-30 dBm 10GBASE-SR (SFP+-M300) LC connector, multi-mode optical fiber, wavelength: 850 nm, maximum transmission distance: 300 m. Transmission power: -7.3–-1.0 dBm, reception sensitivity: <-11.1 dBm 10GBASE-LR (SFP+-S10K) LC connector, single-mode optical fiber, wavelength: 1310 nm, maximum transmission distance: 10 Km. Transmission power: -8.2–0.5 dBm, reception sensitivity: <-10.3 dBm 10GBASE-ER/EW LC connector, single-mode optical fiber, wavelength: 1550 nm, (SFP+-S40K) maximum transmission distance: 40 Km. Transmission power: -4.7–4.0 dBm, reception sensitivity: <-14.1 dBm System Functions and Features l L2 features 4-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description For L2 features of the ZXR10 8900E, refer to Table 4-3. Table 4-3 L2 Features Attribute Description VLAN Supports port-based, protocol-based, and subnet-based VLANs. Supports VLAN translation. Supports PVLAN. Supports super VLAN. QinQ Supports QinQ-based forwarding. Supports normal QinQ and port-based outer labels. Supports selective QinQ and stream-based outer labels. Supports selective QinQ inner priority mapping. Supports TPID modification. MAC Supports MAC address learning, aging, and solidifying. Supports static MAC address setting. Supports MAC address attack protection. Supports MAC address binding. Link Supports static link aggregation. aggregation Supports dynamic LACP. Supports stream-based load balancing Supports inter-line card link aggregation. Supports inter-rack link aggregation. L2 features Port features Supports loopback detections. Supports broadcast, multicast, and unknown unicast storm suppression. Supports layer 2 protocol protection and jumbo frame protection. Supports port flow control. Support 1-minute peak statistics. Support default shutdown of a port. ARP Supports static ARP configuration. Supports dynamic ARP learning and aging. Supports ARP agent. Supports ARP anti-attack protection. STP Supports STP, RSTP, and MSTP. Supports BPDU protection. MIRROR Supports ingress mirroring, egress mirroring, 1-to-many, many-to-1, and many-to-many mirroring, stream mirroring, and CPU mirroring. Supports RSPAN and ERSPAN. l Ethernet Supports IEEE 802.1ag. OAM Supports IEEE 802.3ah. L3 features 4-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 4 Technical Specifications For the L3 features of the ZXR10 8900E, refer to Table 4-4. Table 4-4 L3 Features Attribute Description IPv4 unicast Supports IPv4 unicast static routing. routing Supports RIPv1/v2, OSPFv2, IS-IS, and BGP-4. Supports policy routing and routing policies. Supports VRRP. Supports URPF. Supports ECMP. L3 features IPv6 unicast Supports the ND protocol, ND protocol protection, and IPv6 path routing MTU. Supports IPv6 static routing. Supports RIPng, OSPFv3, IS-ISv6, and BGP4+. Supports 6to4, 6in4, and ISATAP tunnels. Supports 6PE. l Multicast features For the multicastfeatures of the ZXR10 8900E, refer to Table 4-5. Table 4-5 Multicast Features Attribute Description L2 multicast Supports IGMP Snooping/proxy. Supports IGMP rate limit and IGMP rate filter. Supports MLD snooping. Supports PIM snooping Multicast Supports inter-VLAN multicast duplication. features L3 multicast Supports static multicast. Supports IGMPv1/v2/v3 and MLDv1/v2. Supports PIM-SM, PIM-SSM, PIM-DM, and MSDP. Supports Anycast RP l MPLS features For the MPLS features of the ZXR10 8900E, refer to Table 4-6. 4-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 4-6 MPLS Features Attribute Description Basic Supports LDP. features Supports RSVP/RSVP-TE. MPLS L2 Supports VPLS, VPWS, and H-VPLS (Qinq or LSP access). VPN Supports Vrf to Vrf/single-hop M-EBGP/multi-hop M-EBGP inter-domain L2 VPN deployment. Supports CE dual-PE protection. Supports UPE dual-NPE protection. MPLS MPLS L3 Supports L3 VPN FRR. VPN Supports L3 VPN ECMP. features Supports Vrf to Vrf/single-hop M-EBGP/multi-hop M-EBGP inter-domain L3 VPN deployment. Supports Multi-VRF (MCE). MPLS TE Supports static LSPs. Supports displaying LSP tunnels. Supports LSP tunnel priority/preemption/backup. Supports MPLS TE FRR. Supports MPLS L2VPN /MPLS L3VPN Over TE. Supports LDP over TE. l QoS features For the QoS features of the ZXR10 8900E, refer to Table 4-7. Table 4-7 QoS Features Attribute Description Traffic Supports traffic classification by physical port. classification Supports traffic classification by physical port and ACL. Packet Supports 802.1p priority, IP Precedence, IP DSCP, IP TOS, and re-tagging MPLS EXP re-tagging. Supports double-layer label mapping. QoS Traffic Supports incoming port CAR. policing Supports stream-based CAR. Supports incoming/outgoing traffic policing. features Supports re-tagging after traffic policing. Congestion Supports stream-based bandwidth control. control Supports RED and WRED. Queue Supports up to eight priority queues, each of which supports scheduling minimum/maximum bandwidth management. Supports SP, WRR, SP+WRR, and WDRR scheduling. 4-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 4 Technical Specifications Attribute l Description Traffic Supports port-based traffic shaping. shaping Supports VLAN-based traffic shaping. Service management features For the service management features of the ZXR10 8900E, refer to ZXR10 8900ETable 4-8. Table 4-8 Service Management Features Attribute Description Supports IEEE 802.1x, 802.1x Relay, 802.1x RADIUS accounting, and forcing subscribers to get offline. Supports AAA authentication. Service management Supports hierarchical subscriber management. Supports IPTV management (CAC, CDR, and UMS). Supports DHCPv4/v6 Server, DHCP v4/v6 Relay, and DHCP v4/v6 Snooping. Supports DHCP OPTION 82. l Reliability For the device and network reliability features of the ZXR10 8900E, refer to Table 4-9. Table 4-9 Reliability Features Description Attribute 8912E Device reliability 8908E MTBF 400000 hours MTTR < 30 minutes Reliability ≥ 99.999% Hot- Supported by all boards. 8905E 8902E swapping Main control 1:1 redundancy Power supply Power supply redundancy redundancy Power supply redundancy (AC: 1+1; DC: 1+1) (AC: 2+1; DC: 1+1) 4-7 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Description Attribute 8912E 8908E 8905E 8902E Supports MPLS-TE end-to-end path protection. Supports MPLS-TE FRR. Supports IP FRR. Supports LDP FRR. Supports multicast FRR. Supports Static Routing, LDP, OSPF, ISIS, BGP, RIP, VRRP, LSP, FRR, PIM DR, and Super VLAN’s BFD. Supports Graceful Restart. Supports NSF in case of active/standby switchover. Network reliability Supports VRRP, multi-backup configuration, backup priority configuration, VRRP switching authentication, and priority replacement mode. Supports VPLS ring network protection. Supports ESRP+ Ethernet ring network protection. Supports double uplink dual-home protection. Supports ECMP. Supports UDLD. Supports LLDP. Supports LACP and MC-LAG. l Security features For the security features of the ZXR10 8900E, refer to Table 4-10. Table 4-10 Security Features Attribute Description Attack Supports DOS attack prevention. prevention Supports BPDU attack prevention. Supports CPU protection. Supports ARP attack prevention. Supports MAC address flood protection. Supports IPv4 uRPF. Security Supports hierarchical command protection. features Supports abnormal and error packet protection. Supports SYN FLOOD attack prevention. Supports PING FLOOD attack prevention. Supports Ping of Death attack prevention. Supports SNMP attack prevention. Supports fake source IP address attack prevention. Supports ARP spoofing. 4-8 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 4 Technical Specifications Attribute Description CPU Supports protocol priority processing configuration. security Supports protocol protection. protection Supports filtering the packets sent to a CPU. Advanced Supports data log monitoring. security Supports automatic suppression of broadcast storms. features Supports filtering layer 2, 3 and 4 ACLs together. Supports control/signaling MD5 authentication. Supports IP source guard/DAI. Supports ND security. l Clock synchronization For the clock synchronization features of the ZXR10 8900E, refer to Table 4-11. Table 4-11 Clock Synchronization Features Attribute Description Syn- Supports port-based clock recovery. chronous Supports overall clock distribution. Ethernet Supports clock retrieval (line, external 2 Mbit/HZ, or GPS clock). Supports SSM processing. Clock synchronization IEEE Supports protocol-based clock recovery. 1588v2 Supports transparent transmission of clocks. Supports P2P and E2E modes. Supports precision time synchronization. Supports the BMC algorithm. l O&M features For the O&M features of the ZXR10 8900E, refer to ZXR10 8900ETable 4-12. Table 4-12 O&M Features Attribute Description O&M Supports the command line function. Supports hierarchical management authority. Supports password aging and confirmation. Supports control console management. Supports subscriber access service management. O&M Supports remote access by SSH, TELNET, or SNMP, and the FTP/TFTP function. Supports various alarms (sound or light). Supports the ZXNM01 unified network management system. Supports CLI and hierarchical network management. Supports subscriber access control. 4-9 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Attribute Description Supports storage and restoration configuration. Supports log management, Syslog, and REMON functions. Supports time management and NTP functions. Supports IPv6 equipment management. Supports basic MIB functions. Supports traffic statistics. Cluster ZGMP, LLDP/ZTP/ZGMP. management Traffic IPFIX, SFlow. analysis OAM Supports Ethernet OAM. Supports OAM tools (such as LSP Ping or LSP trace route). 4-10 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 5 Networking Applications Table of Contents Application in an Metro Ethernet Network ...................................................................5-1 Application in a Data Center .......................................................................................5-2 Application in Ethernet Layer 2 Convergence .............................................................5-3 Application in an Enterprise Network ..........................................................................5-4 Application in FTTx.....................................................................................................5-5 Application in a Core Network Bearer .........................................................................5-6 Application in IP RAN .................................................................................................5-7 5.1 Application in an Metro Ethernet Network The ZXR10 8900E can be deployed in the convergence layer of an Metro Ethernet network, which is uniformly borne by mobile/fixed network broadband/key customer, to satisfy the requirement for separated voice, video, data, and IPTV services. The ZXR10 8900E uses the VPN technology to implement all-service bearer and service separation, and uses ring network, various protection technologies, and OAM to provide carrier-class reliability to carriers: l l l l In MPLS-to-edge mode, it implements end-to-end separation between service and bearer to provide higher reliability and higher security. With the MPLS VPN technology, it provides different service functions over different service planes. With the MPLS TE/FRR/BFD technologies, it implements fast protective switching within 50 ms. With Ethernet OAM, it implements quick fault discovery to improve network operation and maintenance capabilities For the common networking solution of Metro Ethernet multi-service bearer, see Figure 5-1. 5-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 5-1 Application in an Metro Ethernet Network 5.2 Application in a Data Center Due to the growing demand for broadband networks and growing number of fixed network and broadband subscribers, interactive service traffic increases dramatically, and various Internet application surges in scale. Thus, old data centers are facing higher resource and O&M demands, and the pressure of expansion, consumption, and maintenance for data center devices is great. The ZXR10 8900E has high-density 10 Gigabit ports and high-performance switching capacity, and thus can be deployed at the core/convergence layer of data centers to help reduce customer TCO and solve expansion and maintenance problems. l l l l The ZXR10 8900E has high bandwidth, high performance, and large capacity to provide a high-speed channel for data centers and cloud computing and ensure non-blocking traffic. The ZXR10 8900E has rich network management features, provides graphical network management to help data center maintenance personnel, and provides northbound interfaces to implement unified network management. As an environment-friendly product, the ZXR10 8900E uses 40 nm chips and allows line cards or ports to be enabled on demand, effectively reducing the power consumption of data center network equipment. The ZXR10 8900E integrates multiple security technologies to provide security protection from equipment level to network level. It uses firewall boards to prevent data centers from external network attacks, and uses DoS and CPU protection technologies to prevent itself from attacks. For the common network of a data center, see Figure 5-2. 5-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 5 Networking Applications Figure 5-2 Application in a Data Center 5.3 Application in Ethernet Layer 2 Convergence By mature commercial use, the ZXR10 8900E proves its perfect application and significance in Ethernet layer 2 convergence. Based on the ZXR10 8900E' rich Ethernet layer 2 convergence features and to meet the requirements for higher bandwidth, capacity, and convergence ratio as well as the requirements for subscriber isolation, service separation, and differentiated for multiple access modes, the ZXR10 8900E provides the following capabilities to provide powerful support for the high-speed development of carrier networks: l l l l Supports QoS to bring more precision in network resource distribution and management. Provides ring network protection on the convergence layer, and uses ZTE's ZESR+ (EAPS) Ethernet ring technology to implement 50 ms protective switching. Uses the VLAN and QinQ technologies to isolate subscribers or separate subscribers from the carrier, facilitating service plane expansion and subscriber management. Supports carrier-class switching capacity and provides T-level switching capability among all series, allowing smooth evolution to the switching capabilities at higher levels and satisfying carrier-class layer 2 convergence requirements. For the common networking solution of Ethernet layer 2 convergence, see Figure 5-3. 5-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Figure 5-3 Application in Ethernet Layer 2 Convergence 5.4 Application in an Enterprise Network A campus network's core layer requires high bandwidth and high-density ports. So, the whole network must support subscriber access authentication, security protection, and other security policies. The ZXR10 8900E can be deployed in the campus network's core layer to provide high-speed forwarding and service guarantee. The ZXR10 8900E’s enterprise network scenario has the following features: l l For enterprise network subscribers, it is even more important to reduce operation and maintenance costs and improve internal security. The ZXR10 8900E supports rich security features, and supports the DHCP server, and snooping functions to help subscribers to manage addresses. It also supports various authentication mechanisms such as Radius and TACACS+, and implements hierarchical authority management. It provides IP source Guard, DAI, anti-DoS attacks, and other security protection functions to minimize network attacks. It supports SQA, and learns the operational status of each application server, and thus network failures can be avoided. For information security purposes, it is essential for an enterprise network to guard against external network attacks and threats. In addition, egress traffic statistics and 5-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 5 Networking Applications l l control are also needed to identify illegal traffic and applications. The ZXR10 8900E provides various traffic analysis tools to implement traffic analysis, differentiated QoS, and network security protection, and finally achieve specific service control. Provides a complete set of IPv6 solutions. Through dual-stack and various v4/v6 tunneling technologies, it implements IPv4-to-IPv6 seamless transition. Supports various tunneling technologies, such as MPLS L2/L3 VPN, QinQ, and L2PT, to satisfy the requirements of isolated internal service logics for different enterprises. For the common network of an enterprise network, see Figure 5-4. Figure 5-4 Application in an Enterprise Network 5.5 Application in FTTx As subscribers' service requirements are gradually growing, higher access bandwidth and QoS are demanded, and the legacy DSL access shows inability to satisfy service development trends in the future. With the decrease in the costs of optical fibers, E-FTTx access becomes the major trend towards the future. The ZXR10 8900E supports environment-friendly E-FTTx access to satisfy both the numerous cable access requirements in the existing network and FE/GE access scenarios: l l l It has rich interface boards, and provides high-density and high-bandwidth access to sufficiently satisfy FTTx's requirements for high density and expendability. By using various QoS features, it implements control over different services and provides satisfactory user experience for short-delay and low-jitter services. It supports the SVLAN technology and can effectively isolate services and subscribers to guarantee network security. 5-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l By using the ITU-T G.8032 standard Ethernet intelligent ring protection technology, it satisfies different reliability requirements of different subscribers. The IP over DWDM technology, which is implemented based on switches, requires low costs in network establishment and maintenance, and is highly expandable. For the common network of FTTx, see Figure 5-5. Figure 5-5 Application in FTTx 5.6 Application in a Core Network Bearer The evolution from fixed core networks to softswitch is towards the all-IP trend. The mobile core network has experienced the separation of the circuit domain and the packet domain, and its bearer is more and more IP-based. As the core network is evolving, the IMS totally separates service, control, and bearer planes, and implements the integration of 2G/3G, mobile, and fixed network services. The IMS network is completely IP-based. The ZXR10 8900E can satisfy the requirements for various core networks. It acts as a PE or CR to implement carrier-class core network multi-service bearer: l l l l It supports enhanced VRRP, associates VRRP with BFD, and provides active/standby redundancy for core network elements, and thus ensure the core network reliability. It supports various FRR, and implements 50 ms fast switching by fast detection functions such as BFD. It supports Multi-VRF, and separates the traffic by service or logical interface to improve device utilization. It supports the MPLS VPN technology, implements independent management of access subscribers for different VPNs, distinguishes the routing and network topology information of different VPN subscribers, and uses traffic engineering to ensure the QoS of core network services. 5-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 5 Networking Applications For the common network of a core network bearer, see Figure 5-6. Figure 5-6 Application in a Core Network Bearer 5.7 Application in IP RAN IP backhaul mainly resolves the interconnection between a base station and a wireless service control point (gateway) to implement IP-based mobile voice and data service bearer. In a legacy 2G network, a BTS uses TDM E1/T1 to access the base station controller (BSC). With the development of the wireless network, IP-based Node B emerges in 3G networks to replace BTS, providing Ethernet interfaces to allow wireless traffic to access or converge on an RNC through a switch. An IP backhaul network has requirements for clock synchronization, highexpendabilityy, and high reliability. The ZXR10 8900E can be deployed at IP backhaul convergence nodes to serve the IP backhaul network. : l l l IP backhaul requires clock synchronization throughout the network. The ZXR10 8900E provides the SyncE+1588v2 solution to synchronize high-precision clock signals (such as BITS) to all base stations. A base station's access ring and convergence ring both require ring network protection. The ZXR10 8900E uses a ZESR+ (EAPS) Ethernet ring network to meet the 50 ms switching time requirement. It supports superVLAN and QinQ to relieve gateway load in case of multi-base station access, reduce IP address consumption, implement uniform management of base stations, and enhance network expendability. 5-7 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l The ZXR10 8900E supports the VPLS/H-VPLS and MPLS L3VPN technology to better satisfy multipoint-to-multipoint access requirements. For the common network of an IP Backhaul network, see Figure 5-7. Figure 5-7 Application in IP RAN 5-8 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 6 Operation and Maintenance Table of Contents NetNumen U31 Unified Network Management Platform .............................................6-1 Maintenance and Management ..................................................................................6-2 6.1 NetNumen U31 Unified Network Management Platform With the development of all-IP technologies, the telecommunication industry is confronted with great changes towards the mainstream trend for broadband, mobility, and convergence. The all-IP network architecture requires that the existing operation and management be transformed from vertical to horizontal direction. Thus, operation costs can be reduced and O&M efficiency can be improved. Faced with the future network development trend, ZTE releases the unified network management platform NetNumen™ U31, and the sub-product NetNumen™ U31 (BN) implements unified management for all bearer network devices. The U31 not only provides multi-domain device management, but implements the convergence of element layer management and network layer management, breaking through the vertical management model and satisfying flat management requirements. Networking Mode Between the NetNumen U31 and the ZXR10 8900E, in-band or out-band management can be implemented. l In-band management In-band management means that network management information can be transferred in the same channel as service information, without the need to establish an extra DCN network. The NetNumen U31 need only be connected to a neighbor network device and configured with SNMP parameters. In-band management is flexible and does not need extra investment. However, network management information occupies the service bandwidth, and thus service quality may be affected. l Out-band management Out-band management means that network management information is separately transferred in a network management network and an extra DCN network is needed. The NetNumen U31 system is connected to the out-band management port of the 6-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description ZXR10 8900E, and thus network management information and service information are separately transferred. Out-band management allows network management information to be transferred more reliably, even if the service channel is interrupted. However, to build a separate network management network is restricted by region and needs extra investment. NetNumen U31 The NetNumen™ U31 (BN) is a unified management platform for all bearer network devices of ZTE. It implements integrated management of transmission, wavelength division, PTN, and IP devices (routers and switches). The U31 is located on the network element management layer or subnet management layer, and is a new-generation network management system. It provides powerful functions for managing the network element layer and network layer. The NetNumen™ U31 (BN) uses distributed, multi-process, and modular design to manage all-series bearer network devices. The U31 provides configuration, fault, performance, maintenance, path, security, system, and report management functions. It guarantees device stability, and implements management and control on network elements and regional networks. The system uses various network management technologies, and is designed and developed based on the TMN concept of ITU-T and industry-leading experience in network management software development. It provides powerful management functions and flexible networking capability. The U31 system provides the following functions for the ZXR10 8900E: l l l l l l l Fault management: Guarantees stable network operation. Performance management: Helps users to fully understand the network service status. Resource management: Helps users to use network resources properly. View management: Presents network operation status clearly. Configuration management: Helps users to deploy services quickly. Security management: Guarantees network security. Northbound interface: Helpful for integration. 6.2 Maintenance and Management Various Configuration Modes The ZXR10 8900E provides various device login and management configuration modes, which allow users to choose proper connection configuration modes according to their scenarios, and thus devices can be maintained more easily. l Serial connection configuration Serial connection configuration uses the VT100 terminal method, and the hyperterminal tool provided by the Windows operating system can be used for 6-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 6 Operation and Maintenance configuration. If the device is bare or without configuration or connection, this connection configuration mode must be selected. l Telnet connection configuration à Telnet to the management Ethernet port (10/100/1000Base-T) on a Telnet main control board to configure the switch. à On a VLAN interface, configure the IP address, set the username and password, and telnet to the IP address of the VLAN interface to configure the switch. When a user remotely logs into the device and communicates with the device properly, this connection configuration mode can be selected. l SSH connection configuration On the ZXR10 8900E, enable the SSH server function, and use the SSH client software to connect the IP address of the VLAN interface or management Ethernet port to configure the switch in a more secure way. If the user requires secure remote login, this connection mode can be selected. l SNMP connection configuration The back-end network management server acts as the SNMP server, and the front-end ZXR10 8900E acts as the SNMP client. The front end and back end share the same MIB, and use the network management software to manage and configure the ZXR10 8900E. This connection configuration mode helps users to effectively manage and configure network devices by using network management software. Monitoring and Maintenance The ZXR10 8900E provides various methods for monitoring, manage, and maintain devices, so that the devices can be handled properly in case of exceptions and users can learn all the parameters about the device operation. Device Monitoring l l l l l l Power supply, fan, and main control modules, and all interface boards have indicators that indicate the operational status of a component. Hot-swapping and switchover events of main control boards are recorded for users to review. Sound and message alarm are raised when a fan, power supply module, or temperature is abnormal. Version consistency is checked automatically during system operation. Board temperature is automatically monitored during system operation, and temperature control and message alarm functions are provided. Software running status is monitored by the system, and line cards are restarted or active/standby main control board switchover is performed when an exception occurs and affects the device. Management and Maintenance l Command lines provide flexible online help. 6-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description l l l l l l Hierarchical user authority management and hierarchical commands are provided. An information centers is supported to provide uniform management for logs, alarms, and debugging information. Switch cluster management is supported, providing a uniform channel for managing and maintaining different devices. The basic information about main control boards, interface boards, and optical modules can be queried through the CLI. A variety of information can be queried, including the version, component status, ambient temperature, CPU, and memory usage. All information can be collected with one key, and command results can be displayed on the device or outputted to a file. Hardware environment, software information, version information, data configuration, real-time operational status, and protocol information can be displayed and be automatically or manually outputted. Diagnosis and Debugging l l l l l Ping and TraceRoute: Checks whether a network connection is reachable, and records the transmission path of data packets online as a reference for locating faults. Debugging: Every software feature provides rich debugging commands, each of which supports multiple parameters that can be flexibly controlled. By using debugging commands, users can output the processing, packet sending/receiving, and error checking information about this feature. Mirroring: Supports interface-based mirroring, which means that the packets on the observed interface in the incoming, outgoing, or both directions are duplicated to the observing interface without any change. RSPAN and ERSPAN are supported for remote port mirroring. OAM: Various OAM packets are used to detect the network condition and monitor device, link, and network faults, helping users to quickly locate the faults. SQA: Various detection packets are sent to detect the online and operational statuses of most applications and services. Software Upgrade The ZXR10 8900E provides software upgrade in normal and abnormal situations. l l Version upgrade when the system is abnormal: If a device cannot be started properly, to upgrade the software version, a user can modify the BOOT mode and download the latest version through the management Ethernet port. Version upgrade when the system is normal: If a device is normal, the software version can be locally upgraded or remotely upgraded through the FTP. File System Management Overview In the ZXR10 8900E, software version files and configuration files are stored in a flash memory. During software upgrade, configuration storage need flash operations. The flash memory contains three default directories IMG, CFG, and DATA. 6-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 6 Operation and Maintenance l l l IMG: Stores software version files, whose extension names are .zar. Version upgrade is to modify the software version files in this directory. CFG: Stores the configuration file named startrun.dat. DATA: Stores device exception information files, in the format of “time.zte”. File System Operations l l File backup and recovery: The software version files, configuration files, and log files on the ZXR10 8900E can be backed up to a back-end server through the FTP/TFTP, or the backup files can be recovered from the server. File import and export: Files can be copied to a back-end host through the FTP/TFTP. By exporting/importing the files, users can obtain alarm files and modify configuration files. 6-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description This page intentionally left blank. 6-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance The ZXR10 8900E complies with the following protocols and standards (They are changed frequently, so the following are only for your reference.) Ethernet Standards For the Ethernet standards that the ZXR10 8900E complies with, refer to Table 7-1. Table 7-1 Ethernet Standards Standard No. Standard Name RFC 0826 An Ethernet Address Resolution Protocol or Converting Network Protocol Addresses to 48.bit Ethernet Address for Transmission on Ethernet Hardware RFC 1042 A Standard for the Transmission of IP Datagrams over IEEE 802 Networks RFC 3069 VLAN Aggregation for Efficient IP Address Allocation RFC 5171 Cisco Systems UniDirectional Link Detection (UDLD) Protocol IEEE 802.1ab Station and Media Access Control Connectivity Discovery IEEE 802.1d Media Access Control (MAC) Bridges. Specifies an architecture and protocol for the interconnection of IEEE 802 LANs below the MAC service boundary IEEE 802.1q IEEE Standard for Local and Metropolitan Area Networks: Virtual Bridged Local Area Networks IEEE 802.1s The amendment to IEEE Std 802.1D: Multiple Spanning Trees IEEE 802.1t 802.1D Maintenance IEEE 802.1w The amendment to IEEE Std 802.1D: Rapid Reconfiguration 7-1 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name IEEE 802.1ap Management Information Base (MIB) definitions for VLAN Bridges IEEE 802.2 IEEE Standards for Local Area Networks: Logical Link Control (LLC) IEEE 802.3 IEEE Standards for Local Area Networks: Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access, Method and Physical Layer Specifications IEEE 802.3ad Link Aggregation Control Protocol IEEE 802.3ae 10 Gbit/s Ethernet Standard IEEE 802.3af PoE(Power-over-Ethernet) IEEE 802.3ag Connectivity Fault Management IEEE 802.3ah Ethernet First Mile IEEE 802.3z Gigabit fiber IP Standards For the IP standards that the ZXR10 8900E complies with, refer to Table 7-2. Table 7-2 IP Standards Standard No. Standard Name RFC 791 Internet Protocol RFC 1122 Requirements for Internet Hosts - Communication Layers RFC 1812 Requirements for IP Version 4 Routers RFC 1981 Path MTU Discovery for IP version 6 RFC 2292 Advanced Sockets API for IPv6 RFC 2373 IP Version 6 Addressing Architecture RFC 2374 An IPv6 Aggregatable Global Unicast Address Format RFC 2375 IPv6 Multicast Address Assignments RFC 2460 Internet Protocol, Version 6 (IPv6) Specification RFC 2461 Neighbor Discovery for IP Version 6 (IPv6) RFC 2462 IPv6 Stateless Address Autoconfiguration RFC 2464 Transmission of IPv6 Packets over Ethernet Networks RFC 2472 IP Version 6 over PPP 7-2 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 3306 Unicast-Prefix-based IPv6 Multicast Addresses RFC 4193 Unique Local IPv6 Unicast Addresses UDP Standards For the UDP standards that the ZXR10 8900E complies with, refer to Table 7-3. Table 7-3 UDP Standards Standard No. Standard Name RFC 0768 User Datagram Protocol TCP Standards For the TCP standards that the ZXR10 8900E complies with, refer to Table 7-4. Table 7-4 TCP Standards Standard No. Standard Name RFC 0793 TRANSMISSION CONTROL PROTOCOL RFC 2001 TCP Slow Start, Congestion Avoidance,Fast Retransmit, and Fast Recovery Algorithms RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2581 TCP Congestion Control RFC 2988 Computing TCP's Retransmission Timer RFC 4987 TCP SYN Flooding Attacks and Common Mitigations ICMP Standards For the ICMP standards that the ZXR10 8900E complies with, refer to Table 7-5. Table 7-5 ICMP Standards Standard No. Standard Name RFC 0792 Internet Control Message Protocol RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification RFC 4950 ICMP Extensions for Multiprotocol Label Switching SOCKET Standards For the SOCKET standards that the ZXR10 8900E complies with, refer to Table 7-6. 7-3 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 7-6 SOCKET Standards Standard No. Standard Name RFC 2553 Basic Socket Interface Extensions for IPv6 Tunneling Standards For the tunneling standards that the ZXR10 8900E complies with, refer to Table 7-7. Table 7-7 Tunneling Standards Standard No. Standard Name RFC 2473 Generic Packet Tunneling in IPv6 Specification RFC 2784 Generic Routing Encapsulation (GRE) RFC 2890 Key and Sequence Number Extensions to GRE RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers RFC 3056 Connection of IPv6 Domains via IPv4 Clouds RFC 4214 Intra-Site Automatic Tunnel Addressing Protocol SSH Standards For the SSH standards that the ZXR10 8900E complies with, refer to Table 7-8. Table 7-8 SSH Standards Standard No. Standard Name RFC 4250 The Secure Shell (SSH) Protocol Assigned Numbers RFC 4251 The Secure Shell (SSH) Protocol Architecture RFC 4252 The Secure Shell (SSH) Authentication Protocol RFC 4253 The Secure Shell (SSH) Transport Layer Protocol RFC 4254 The Secure Shell (SSH) Connection Protocol RFC 4255 Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints RFC 4256 Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) RFC 4335 The Secure Shell (SSH) Session Channel Break Extension RFC 4344 The Secure Shell (SSH) Transport Layer Encryption Modes RFC 4345 Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol 7-4 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 4419 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol RFC 4432 RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol RFC 4462 Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol RFC 4716 The Secure Shell (SSH) Public Key File Format RFC 4742 Using the NETCONF Configuration Protocol over Secure SHell (SSH) RFC 4819 Secure Shell Public Key Subsystem draft-ylonen-ssh-protocol-00 The SSH (Secure Shell) Remote Login Protocol draft-ietf-secsh-architecture-14 SSH Protocol Architecture draft-ietf-secsh-assignednumbers-05-from-04.diff SSH Protocol Assigned Numbers SFTP Standards For the SFTP standards that the ZXR10 8900E complies with, refer to Table 7-9. Table 7-9 SFTP Standards Standard No. Standard Name draft-ietf-secsh-filexfer-13 SSH File Transfer Protocol RIP Standards For the RIP standards that the ZXR10 8900E complies with, refer to Table 7-10. Table 7-10 RIP Standards Standard No. Standard Name RFC 1058 Routing Information Protocol (RIP) RFC 1722 RIP Version 2 Protocol Applicability Statement RFC 1724 DRAFT STANDARD RFC 1923 RIPv1 Applicability Statement for Historic Status RFC 2080 RIPng support RFC 2081 RIPng Protocol Applicability Statement RFC 2453 RIP Version 2 OSPF Standards For the OSPF standards that the ZXR10 8900E complies with, refer to Table 7-11. 7-5 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 7-11 OSPF Standards Standard No. Standard Name RFC 1131 OSPF specification RFC 1242 OSPF specification Benchmarking terminology for network interconnection devices RFC 1245 OSPF Protocol Analysis RFC 1246 Experience with the OSPF Protocol RFC 1247 OSPF Version 2 RFC 1248 OSPF Version 2 Management Information Base RFC 1252 OSPF Version 2 Management Information Base RFC 1253 OSPF Version 2 Management Information Base RFC 1364 BGP OSPF Interaction RFC 1370 Applicability Statement for OSPF RFC 1403 BGP OSPF Interaction RFC 1583 OSPF Version 2 RFC 1584 Multicast Extensions to OSPF RFC 1585 MOSPF: Analysis and Experience RFC 1586 Guidelines for Running OSPF Over Frame Relay Networks RFC 1587 The OSPF NSSA Option RFC 1765 OSPF Database Overflow RFC 1793 Extending OSPF to Support Demand Circuits RFC 1850 OSPF Version 2 Management Information Base RFC 2154 OSPF with Digital Signatures RFC 2178 OSPF Version 2 RFC 2328 OSPF Version 2 RFC 2329 OSPF Standardization Report RFC 2370 The OSPF Opaque LSA Option RFC 2676 QoS Routing Mechanisms and OSPF Extensions RFC 2740 OSPF for IPv6 (OSPFv3) RFC 2844 OSPF over ATM and Proxy-PAR RFC 3101 The OSPF NSSA Option RFC 3137 OSPF Stub Router Advertisement 7-6 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 3509 Alternative Implementations of OSPF Area Border Routers RFC 3623 OSPF Graceful Restart RFC 3630 Traffic Engineering Extensions to OSPF RFC 3883 Detecting Inactive Neighbors over OSPF Demand Circuits (DC) RFC 4061 Benchmarking Basic OSPF Single Router Control Plane Convergence RFC 4062 OSPF Benchmarking Terminology and Concepts RFC 4063 Considerations When Using Basic OSPF Convergence Benchmarks RFC 4136 OSPF Refresh and Flooding Reduction in Stable Topologies RFC 4167 Graceful OSPF Restart Implementation Report RFC 4222 Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance RFC 4552 Authentication/Confidentiality for OSPFv3 RFC 4577 OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs) RFC 4750 OSPF Version 2 Management Information Base RFC 4811 OSPF Out-of-Band Link State Database (LSDB) Resynchronization RFC 4812 OSPF Restart Signaling RFC 4813 OSPF Link-Local Signaling RFC 4915 Multi-Topology (MT) Routing in OSPF RFC 4940 IANA Considerations for OSPF RFC 4970 Extensions to OSPF for Advertising Optional Router RFC 5340 OSPF for IPv6 (OSPFv3) RFC 5643 Management Information Base for OSPFv3 BGP Standards For the BGP standards that the ZXR10 8900E complies with, refer to Table 7-12. 7-7 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 7-12 BGP Standards Standard No. Standard Name RFC 1265 BGP Protocol Analysis RFC 1266 Experience with the BGP Protocol RFC 1321 The MD5 Message-Digest Algorithm RFC 1403 BGP OSPF Interaction RFC 1772 Application of the Border Gateway Protocol in the Internet RFC 1773 Experience with the BGP-4 protocol RFC 1774 BGP-4 Protocol Analysis RFC 1930 Guidelines for creation, selection, and registration of an Autonomous System (AS) RFC 1997 BGP Community Attribute RFC 1998 An Application of the BGP Community Attribute in Multi-home Routing RFC 2270 Using a Dedicated AS for Sites Homed to a Single Provider RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option RFC 2439 BGP Route Flap Damping RFC 2519 A Framework for Inter-Domain Route Aggregation RFC 2545 BGP support IPV6 RFC 2918 Route Refresh Capability for BGP-4 RFC 3107 Carrying Label Information in BGP-4 RFC 3562 Key Management Considerations for the TCP MD5 Signature Option RFC 4271 A Border Gateway Protocol 4 (BGP-4) RFC 4272 BGP Security Vulnerabilities Analysis RFC 4273 Definitions of Managed Objects for BGP-4 RFC 4274 BGP-4 Protocol Analysis RFC 4275 BGP-4 MIB Implementation Survey RFC 4276 BGP 4 Implementation Report RFC 4277 Experience with the BGP-4 Protocol RFC 4360 BGP Extended Communities Attribute RFC 4364 BGP/MPLS IP Virtual Private Networks 7-8 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 4365 Applicability Statement for BGP/MPLS IP Virtual Private Networks (VPNs) RFC 4382 MPLS/BGP Layer 3 Virtual Private Network (VPN) Management information Base RFC 4451 BGP MULTI_EXIT_DISC (MED) Considerations RFC 4456 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) RFC 4486 Subcodes for BGP Cease Notification Message RFC 4724 Graceful Restart Mechanism for BGP RFC 4760 Multiprotocol Extensions for BGP-4 RFC 4781 Graceful Restart Mechanism for BGP with MPLS RFC 4798 Connecting IPv6 Islands over IPv4 MPLS using IPv6 Provider Edge Routers (6PE) RFC 5065 Autonomous System Confederations for BGP RFC 5492 Capabilities Advertisement with BGP-4 IS-IS Standards For the IS-IS standards that the ZXR10 8900E complies with, refer to Table 7-13. Table 7-13 IS-IS Standards Standard No. Standard Name RFC 1142 OSI IS-IS Intra-domain Routing Protocol ISO 10589 IS-IS intra-domain routing protocol RFC 1195 Use of OSI Is-Is for Routing in TCP/IP and Dual nvironments RFC 2104 HMAC: Keyed-Hashing for Message Authentication RFC 2973 Support IS-IS Mesh Groups RFC 3258 Distributing Authoritative Name Servers via Shared Unicast Addresses RFC 3277 IS-IS Transient Blackhole Avoidance RFC 3359 Reserved Type, Length and Value (TLV) Codepoints in Intermediate System to Intermediate System RFC 3719 Recommendations for Interoperable Networks using IS-IS 7-9 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name RFC 3787 Recommendations for Interoperable IP Networks using IS-IS RFC 4444 Management Information Base for Intermediate System to Intermediate System (IS-IS) RFC 4972 Routing Extensions for Discovery of Multiprotocol (MPLS) Label Switch Router (LSR) Traffic Engineering (TE) Mesh Membership RFC 5029 Definition of an IS-IS Link Attribute Sub-TLV RFC 5120 M-ISIS: Multi Topology (MT) Routing in Intermediate System to Intermediate Systems (IS-ISs) RFC 5130 A Policy Control Mechanism in IS-IS Using Administrative Tags RFC 5308 Routing IPv6 with IS-IS RFC 5309 Point-to-Point Operation over LAN in Link State Routing Protocols RFC 5310 IS-IS Generic Cryptographic Authentication Multicast Standards For the multicast standards that the ZXR10 8900E complies with, refer to Table 7-14. Table 7-14 Multicast Standards Standard No. Standard Name RFC 1112 Host Extensions for IP Multicasting RFC 2236 Internet Group Management Protocol, Version 2 RFC 2710 Multicast Listener Discovery (MLD) for IPv6 RFC 3376 Internet Group Management Protocol, Version 3 RFC 3446 Anycast Rendevous Point (RP) mechanism using Protocol Independent Multicast (PIM) and Multicast Source Discovery Protocol (MSDP) RFC 3569 An Overview of Source-Specific Multicast (SSM) RFC 3618 Multicast Source Discovery Protocol (MSDP) RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6 RFC 3956 Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address 7-10 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 3973 Protocol Independent Multicast - Dense Mode(PIM-DM):Protocol Specification (Revised) RFC 4541 Considerations for Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Snooping Switches RFC 4601 Protocol Independent Multicast - Sparse Mode (PIM-SM): Protocol Specification (Revised) RFC 4604 Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast RFC 5059 Bootstrap Router (BSR) Mechanism for Protocol Independent Multicast (PIM) draft-rosen-vpn-mcast-8 Multicast in MPLS-BGP IP VPNs MPLS Standards For the MPLS standards that the ZXR10 8900E complies with, refer to Table 7-15. Table 7-15 MPLS Standards Standard No. Standard Name RFC 2205 Resource ReSerVation Protocol (RSVP) - Version 1 Functional Specification RFC 2209 Resource ReSerVation Protocol (RSVP) - Version 1 Message Processing Rules RFC 2210 The Use of RSVP with IETF Integrated Services RFC 2702 Requirements for Traffic Engineering Over MPLS RFC 2747 RSVP Cryptographic Authentication RFC 2961 RSVP Refresh Overhead Reduction Extensions RFC 3031 Multiprotocol Label Switching Architecture RFC 3032 MPLS Label Stack Encoding RFC 3037 LDP Applicability RFC 3107 Support BGP carry Label for MPLS RFC 3209 RSVP-TE Extensions to RSVP for LSP Tunnels RFC 3210 Applicability Statement for Extensions to RSVP for LSP-Tunnels RFC 3215 LDP State Machine 7-11 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name RFC 3270 Multi-Protocol Label Switching (MPLS) Support of Differentiated Services RFC 3272 Overview and Principles of Internet Traffic Engineering RFC 3443 Time To Live (TTL) Processing in Multi-Protocol Label Switching (MPLS) Networks RFC 3469 Framework for Multi-Protocol Label Switching (MPLS)-based Recovery RFC 3478 Graceful Restart Mechanism for LDP RFC 3479 Fault Tolerance for the Label Distribution Protocol (LDP) RFC 3612 Applicability Statement for Restart Mechanisms for the Label Distribution Protocol (LDP) RFC 4023 Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE) 2005-12-07 RFC 4090 Fast Reroute Extensions to RSVP-TE for LSP Tunnels RFC 4124 Protocol Extensions for Support of DS-TE RFC 4125 Maximum Allocation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering RFC 4126 Max Allocation with Reservation Bandwidth Constraints Model for Diffserv-aware MPLS Traffic Engineering & Performance Comparisons RFC 4127 Generalized MPLS Signaling - RSVP-TE Extensions RFC 4182 Removing a Restriction on the use of MPLS Explicit NULL RFC 4197 Requirements for Edge-to-Edge Emulation of Time Division Multiplexed (TDM) Circuits over Packet Switching Networks RFC 4221 Multiprotocol Label Switching (MPLS) Management Overview RFC 4379 Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures RFC 4447 Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) 7-12 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 4448 Encapsulation Methods for Transport of Ethernet over MPLS Networks RFC 4558 Node-ID Based Resource Reservation Protocol (RSVP) Hello RFC 4874 Exclude Routes - Extension to RSVP-TE RFC 4905 Encapsulation Methods for Transport of Layer 2 Frames Over MPLS Networks RFC 4906 Transport of Layer 2 Frames Over MPLS draft-ietf-mpls-lsp-ping-version-09 Detecting Multi-Protocol Label Switched (MPLS) Data Plane Failures draft-ietf-ccamp-inter-domain-framework-04 Mechanisms for Inter-AS or Inter-Domain Traffic Engineering draft-minei-diffserv-te-multi-class-02 Extensions for Differentiated Services-aware Traffic Engineered LSPs LDP Standards For the LDP standards that the ZXR10 8900E complies with, refer to Table 7-16. Table 7-16 LDP Standards Standard No. Standard Name RFC 3037 LDP Applicability RFC 3215 LDP State Machine RFC 3478 Graceful Restart Mechanism for LDP–GR helper RFC 3479 Fault Tolerance for the Label Distribution Protocol (LDP) RFC 3612 Applicability Statement for Restart Mechanisms for the Label Distribution Protocol (LDP) RFC 4447 Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP) RFC 4762 Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling RFC 5036 LDP Specification RFC 5037 Experience with the Label Distribution Protocol (LDP) RSVP-TE Standards For the RSVP-TE standards that the ZXR10 8900E complies with, refer to Table 7-17. 7-13 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 7-17 RSVP-TE Standards Standard No. Standard Name RFC 2430 A Provider Architecture for Differentiated Services and Traffic Engineering (PASTE) RFC 2702 Requirements for Traffic Engineering over MPLS RFC 2747 RSVP Cryptographic Authentication RFC 3209 RSVP Cryptographic Authentication RFC 3209 Extensions to RSVP for Tunnels RFC 4090 Fast reroute Extensions to RSVP-TE for LSP Tunnels VPLS Standards For the VPLS standards that the ZXR10 8900E complies with, refer to Table 7-18. Table 7-18 VPLS Standards Standard No. Standard Name RFC 4761 Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling RFC 4762 Virtual Private LAN Service (VPLS) Using Label Distribution Protocol (LDP) Signaling RFC 4664 Framework for Layer 2 Virtual Private Networks (L2VPNs) RFC 4665 Service Requirements for Layer 2 Provider-Provisioned Virtual Private Networks NTP Standards For the NTP standards that the ZXR10 8900E complies with, refer to Table 7-19. Table 7-19 NTP Standards Standard No. Standard Name RFC 1305 Network Time Protocol (Version 3) Specification, Implementation and Analysis RFC 4330 Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI IPV6 Standards For the IPV6 standards that the ZXR10 8900E complies with, refer to Table 7-20. 7-14 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Table 7-20 IPV6 Standards Standard No. Standard Name RFC 1886 DNS Extensions to Support IP version 6 RFC 1887 An Architecture for IPv6 Unicast Address Allocation RFC 1970 Neighbor Discovery for IP Version 6 (IPv6) RFC 2023 IP Version 6 over PPP RFC 2373 IP Version 6 Addressing Architecture RFC 2374 An IPv6 Aggregatable Global Unicast Address Format RFC 2375 IPv6 Multicast Address Assignments RFC 2452 MIB for TCP6 RFC 2454 MIB for UDP6 RFC 2460 Internet Protocol, Version 6 (IPv6) Specification RFC 2461 Neighbor Discovery for IP Version 6 (IPv6) RFC 2462 IPv6 Stateless Address Auto configuration RFC 2463 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification RFC 2464 Transmission of IPv6 Packets over Ethernet Networks RFC 2470 Transmission of IPv6 Packets over Token Ring Networks RFC 2472 IP Version 6 over PPP RFC 2473 Generic Packet Tunneling in IPv6 Specification RFC 2529 Transmission of IPv6 over IPv4 Domains without Explicit Tunnels RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers RFC 3056 Connection of IPv6 Domains via IPv4 Clouds RFC 3363 Representing Internet Protocol version 6 (IPv6) Addresses in the Domain Name System (DNS) RFC 3493 Basic Socket Interface Extensions for IPv6 RFC 3513 IP Version 6 Addressing Architecture RFC 3542 Advanced Sockets API for IPv6 RFC 3587 An Aggregatable Global Unicast Address Format 7-15 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name RFC 3775 Mobility Support in IPv6 IPSec Standards For the IPSec standards that the ZXR10 8900E complies with, refer to Table 7-21. Table 7-21 IPSec Standards Standard No. Standard Name RFC 2104 HMAC: Keyed-Hashing for Message Authentication RFC 2401 Security Architecture for the Internet Protocol RFC 2402 IP Authentication Header RFC 2403 The Use of HMAC-MD5-96 within ESP and AH RFC 2404 The Use of HMAC-SHA-1-96 within ESP and AH RFC 2405 The ESP DES-CBC Cipher Algorithm With Explicit IV RFC 2406 IP Encapsulating Security Payload (ESP) RFC 2407 The Internet IP Security Domain of Interpretation for ISAKMP RFC 2408 Internet Security Association and Key Management Protocol(ISAKMP) RFC 2409 The Internet Key Exchange (IKE) RFC 2410 The NULL Encryption Algorithm and Its Use With IPsec RFC 2412 The OAKLEY Key Determination Protocol RFC 2451 The ESP CBC-Mode Cipher Algorithms RADIUS Standards For the RADIUS standards that the ZXR10 8900E complies with, refer to Table 7-22. Table 7-22 RADIUS Standards Standard No. Standard Name RFC 2865 Remote Authentication Dial In User Service (RADIUS) RFC 2866 RADIUS Accounting RFC 2867 RADIUS Accounting Modifications for Tunnel Protocol Support RFC 2868 RADIUS Attributes for Tunnel Protocol Support 7-16 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 2869 RADIUS Extensions RFC 3162 RADIUS and IPv6 RFC 3576 Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS) RFC 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) RFC 4590 RADIUS Extension for Digest Authentication RFC 4675 RADIUS Attributes for Virtual LAN and Priority Support RFC 4679 DSL Forum Vendor-Specific RADIUS Attributes TACACS+ Standards For the TACACS+ standards that the ZXR10 8900E complies with, refer to Table 7-23. Table 7-23 TACACS+ Standards Standard No. Standard Name draft-grant-tacacs-02 The TACACS+ Protocol Version 1.78 Differentiated Services Standards For the differentiated services standards that the ZXR10 8900E complies with, refer to Table 7-24. Table 7-24 Differentiated Services Standards Standard No. Standard Name RFC 2474 Definition of the DS Field the IPv4 and IPv6 Headers(Rev) RFC 2597 Assured Forwarding PHB Group (rev3260) RFC 2598 An Expedited Forwarding PHB RFC 3140 Per-Hop Behavior Identification Codes VRRP Standards For the VRRP standards that the ZXR10 8900E complies with, refer to Table 7-25. Table 7-25 VRRP Standards Standard No. Standard Name RFC 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7-17 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name RFC 3590 Source Address Selection for the Multicast Listener Discovery (MLD) Protocol RFC 3768 Virtual Router Redundancy Protocol RFC 3810 Multicast Listener Discovery Version 2 (MLDv2) for IPv6 RFC 4007 IPv6 Scoped Address Architecture RFC 4193 Unique Local IPv6 Unicast Addresses RFC 4291 IPv6 Addressing Architecture RFC 4659 BGP-MPLS IP Virtual Private Network(VPN) Extension for IPv6 VPN RFC 5072 IP Version 6 over PPP DHCP Standards For the DHCP standards that the ZXR10 8900E complies with, refer to Table 7-26. Table 7-26 DHCP Standards Standard No. Standard Name RFC 1533 DHCP Options and BOOTP Vendor ExtensionsClass-identifier RFC 1534 Interoperation Between DHCP and BOOTP RFC 2131 Dynamic Host Configuration Protocol RFC 2132 DHCP Options and BOOTP Vendor Extensions RFC 3046 DHCP Relay Agent Information Option RFC 3396 Encoding Long Options in the Dynamic Host Configuration Protocol (DHCPv4) BFD Standards For the BFD standards that the ZXR10 8900E complies with, refer to Table 7-27. Table 7-27 BFD Standards Standard No. Standard Name draft-ietf-bfd-base-09 Bidirectional Forwarding Detection draft-ietf-bfd-generic-05 Generic Application of BFD draft-ietf-bfd-mib-07 BFD Management Information Base draft-ietf-bfd-mpls-07 BFD For MPLS LSPs draft-ietf-bfd-multihop-07 BFD for Multihop Paths 7-18 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name draft-ietf-bfd-v4v6-1hop-09 BFD for IPv4 and IPv6 (Single Hop) draft-ietf-pwe3-vccv-bfd-05 Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity Verification (VCCV) draft-palanivelan-bfd-v2-gr-01 BFD with Graceful Restart Network Management Standards For the network management standards that the ZXR10 8900E complies with, refer to Table 7-28. Table 7-28 Network Management Standards Standard No. Standard Name ITU-T M.3000 Overview of TMN recommendations ITU-T M.3010 Principles for a Telecommunications management network ITU-T M.3016 TMN security overview ITU-T M.3020 TMN Interface Specification Methodology ITU-T M.3100 Generic Network Information Model ITU-T M.3001 Managed Object Conformance Statements for the Generic Network Information Model ITU-T M.3200 TMN management services and telecommunications managed areas: overview ITU-T M.3300 TMN F interface requirements ITU-T M.3400 TMN Management Function TU-T Temporary Document 69 (IP Experts) Revised draft document on IP access network architecture ITU-T X.701-X.709 Systems Management framework and architecture ITU-T X.710-X.719 Management Communication Service and Protocol ITU-T X.720-X.729 Structure of Management Information ITU-T X.730-X.799 Management functions RFC 1157 Simple Network Management Protocol RFC 1213 Management Information Base for Network Management of TCP/IP based internets: MIB-II RFC 1215 A Convention for Defin-ing Traps for use with the SNMP 7-19 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name RFC 1493 Definitions of Managed Objects for Bridges RFC 1558 A String Representation of LDAP Search Filters RFC 1657 BGP4-MIB RFC 1724 RIPv2-MIB RFC 1757 Remote Network Monitoring Management Information Base RFC 1777 Lightweight Directory Access Protocol RFC 1778 The String Representation of Standard Attribute Syntaxes RFC 1850 OSPF-MIB RFC 1901 Introduction to Community-based SNMPv2 RFC 1902 Structure of Management Information for Version 2 of the Simple Network Management Protocol (SNMPv2) RFC 1903 Textual Conventions for Version 2 of the Simple Network Management Protocol (SNMPv2) RFC 1905 Protocol Operations for Version 2 of the Simple Network Management Protocol (SNMPv2) RFC 1907 Management Information Base for Version 2 of the Simple Network Management Protocol (SNMPv2) RFC 1959 An LDAP URL Format RFC 2011 SNMPv2 MIB for IP RFC 2012 SNMPv2 MIB for TCP RFC 2013 SNMPv2 MIB for UDP RFC 2037 Entity MIB using SMIv2 RFC 2096 IP-FORWARD-MIB RFC 2138 RADIUS RFC 2206 RSVP-MIB RFC 2233 The Interface Group MIB using SMIv2 RFC 2251 Lightweight Directory Access Protocol (v3) RFC 2271 An Architecture for Describing SNMP Management Frameworks RFC 2273 SNMPv3 Applications 7-20 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Chapter 7 Protocol and Standard Compliance Standard No. Standard Name RFC 2452 IPv6 Management Information Base for theTransmission Control Protocol RFC 2454 IPv6 Management Information Base for the User Datagram Protocol RFC 2465 Management Information Base for IP Version 6: Textual RFC 2571 An Architecture for Describing SNMP Management Frameworks RFC 2572 Message Processing and Dispatching for the imple Network Management Protocol (SNMP) RFC 2574 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 2863 The Interfaces Group MIB RFC 2987 VRRP-MIB RFC 3014 NOTIFICATION-LOGMIB RFC 3019 IP Version 6 Management Information Base for The Multicast Listener Discovery Protocol RFC 3164 The BSD syslog Protocol RFC 3291 Textual Conventions for Internet Network Addresses RFC 4293 Management Information Base for the Internet Protocol (IP) GB901 A Service management Business Process Model GB908 Network Management Detailed Operations Map GB909 Generic Requirements for Telecommunications Management Building Blocks GB910 Telecom Operations Map GB914 System Integration Map GB917 SLA Management Handbook V1.5 NMF037 Sub-System Alarm Surveillance Ensemble V1.0 NMF038 Bandwidth Management Ensemble V1.0 TMF053 NGOSS Architecture Technology Neutral Specification V1.5 TMF053A NGOSS Architecture Technology Neutral Specification V1.5 7-21 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Standard No. Standard Name TMF053B NGOSS Architecture Technology Neutral Specification V1.5 TMF508 Connection and Service Management Information Model Business Agreement TMF605 Connection and Service Management Information Model TMF801 Plug and Play Service Fulfillment Phase 2 Validation Specification V1.0 TMF816 B2B Managed Service for DSL Interface Implementation Specification V1.5 TMF821 IP VPN Management Interface Implementation Specification V1.5 YD/T 852-1996 Telecommunication Management Network (TMN) General Design Principles YD/T 871-1996 Telecommunication Management Network (TMN) General Information Model YD/T XXXX-2001 Broadband MAN Overall Technology Requirements YD/T XXXX-2001 IP Network Technology Requirements: Network Performance Specifications and Availability YD/T XXXX-2001 IP Network Technology Requirements: Network Overview YDN 075-1998 China Public Multimedia Communications Network Management Specification YDN 075-1998 China Public Multimedia Communications Network Management Specification FTP/TFTP Standards For the FTP/TFTP standards that the ZXR10 8900E complies with, refer to Table 7-29. Table 7-29 FTP/TFTP Standards Standard No. Standard Name RFC 1350 The TFTP PROTOCOL (REVISION 2) RFC 4217 Securing FTP with TLS 7-22 SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Figures Figure 1-1 ZXR10 8900E Series Products ................................................................ 1-2 Figure 3-1 ZXR10 8912E Overview........................................................................... 3-1 Figure 3-2 ZXR10 8912E Structure ........................................................................... 3-2 Figure 3-3 ZXR10 8908E Overview........................................................................... 3-2 Figure 3-4 ZXR10 8908E Structure ........................................................................... 3-3 Figure 3-5 ZXR10 8905E Overview........................................................................... 3-3 Figure 3-6 ZXR10 8905E Structure ........................................................................... 3-4 Figure 3-7 ZXR10 8902E Overview........................................................................... 3-4 Figure 3-8 ZXR10 8902E Structure ........................................................................... 3-4 Figure 3-9 8912E/8908E/8905E Main Control Board Diagram .................................. 3-6 Figure 3-10 8902E Main Control Board Diagram....................................................... 3-6 Figure 3-11 Framework of the New-generation ZXROS Software Platform System ................................................................................................. 3-10 Figure 5-1 Application in an Metro Ethernet Network ................................................ 5-2 Figure 5-2 Application in a Data Center .................................................................... 5-3 Figure 5-3 Application in Ethernet Layer 2 Convergence........................................... 5-4 Figure 5-4 Application in an Enterprise Network........................................................ 5-5 Figure 5-5 Application in FTTx .................................................................................. 5-6 Figure 5-6 Application in a Core Network Bearer ...................................................... 5-7 Figure 5-7 Application in IP RAN............................................................................... 5-8 I SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Figures This page intentionally left blank. II SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Tables Table 3-1 8900E Interface Board Types .................................................................... 3-8 Table 4-1 Basic Features and Physical Specifications of the Device ......................... 4-1 Table 4-2 Optical and Electrical Interface Features ................................................... 4-2 Table 4-3 L2 Features ............................................................................................... 4-4 Table 4-4 L3 Features ............................................................................................... 4-5 Table 4-5 Multicast Features ..................................................................................... 4-5 Table 4-6 MPLS Features ......................................................................................... 4-6 Table 4-7 QoS Features............................................................................................ 4-6 Table 4-8 Service Management Features.................................................................. 4-7 Table 4-9 Reliability Features.................................................................................... 4-7 Table 4-10 Security Features .................................................................................... 4-8 Table 4-11 Clock Synchronization Features............................................................... 4-9 Table 4-12 O&M Features ......................................................................................... 4-9 Table 7-1 Ethernet Standards ................................................................................... 7-1 Table 7-2 IP Standards ............................................................................................. 7-2 Table 7-3 UDP Standards ......................................................................................... 7-3 Table 7-4 TCP Standards.......................................................................................... 7-3 Table 7-5 ICMP Standards ........................................................................................ 7-3 Table 7-6 SOCKET Standards .................................................................................. 7-4 Table 7-7 Tunneling Standards ................................................................................. 7-4 Table 7-8 SSH Standards ......................................................................................... 7-4 Table 7-9 SFTP Standards........................................................................................ 7-5 Table 7-10 RIP Standards ......................................................................................... 7-5 Table 7-11 OSPF Standards ..................................................................................... 7-6 Table 7-12 BGP Standards ....................................................................................... 7-8 Table 7-13 IS-IS Standards ....................................................................................... 7-9 Table 7-14 Multicast Standards ............................................................................... 7-10 Table 7-15 MPLS Standards ................................................................................... 7-11 Table 7-16 LDP Standards ...................................................................................... 7-13 Table 7-17 RSVP-TE Standards.............................................................................. 7-14 Table 7-18 VPLS Standards.................................................................................... 7-14 Table 7-19 NTP Standards...................................................................................... 7-14 III SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description Table 7-20 IPV6 Standards ..................................................................................... 7-15 Table 7-21 IPSec Standards ................................................................................... 7-16 Table 7-22 RADIUS Standards................................................................................ 7-16 Table 7-23 TACACS+ Standards............................................................................. 7-17 Table 7-24 Differentiated Services Standards.......................................................... 7-17 Table 7-25 VRRP Standards ................................................................................... 7-17 Table 7-26 DHCP Standards................................................................................... 7-18 Table 7-27 BFD Standards...................................................................................... 7-18 Table 7-28 Network Management Standards .......................................................... 7-19 Table 7-29 FTP/TFTP Standards ............................................................................ 7-22 IV SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Glossary AAA - Authentication, Authorization and Accounting ACL - Access Control List ARP - Address Resolution Protocol ASIC - Application Specific Integrated Circuit BFD - Bidirectional Forwarding Detection BGP - Border Gateway Protocol CAC - Channel Access Control CDR - Call Detail Record CVLAN - Customer Virtual Local Area Network DDoS - Distributed Denial of Service DHCP - Dynamic Host Configuration Protocol DWRR - Deficit Weighted Round Robin FMC - Fixed Mobile Convergence FRR - Fast Reroute GPS - Global Positioning System HVPLS - Hierarchical Virtual Private LAN Service ICMP - Internet Control Message Protocol V SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description IGMP - Internet Group Management Protocol IPTV - Internet Protocol Television IS-IS - Intermediate System-to-Intermediate System LACP - Link Aggregation Control Protocol LSP - Label Switched Path MAC - Media Access Control MLD - Multicast Listener Discovery MPLS - Multiprotocol Label Switching MSDP - Multicast Source Discovery Protocol OAM - Operation, Administration and Maintenance OPEX - Operating Expenditure OSPF - Open Shortest Path First PIM - Protocol Independent Multicast PVLAN - Private Virtual Local Area Network QoS - Quality of Service RADIUS - Remote Authentication Dial In User Service RED - Random Early Detection RIP - Routing Information Protocol RIPng - Routing Information Protocol next generation VI SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential Glossary SNMP - Simple Network Management Protocol SP - Strict Priority SSH - Secure Shell SVLAN - Service Virtual Local Area Network SVLAN - Selective Virtual Local Area Network TACACS+ - Terminal Access Controller Access-Control System Plus TE - Traffic Engineering TTL - Time To Live VLAN - Virtual Local Area Network VLL - Virtual Leased Line VPLS - Virtual Private LAN Service VPN - Virtual Private Network VPWS - Virtual Private Wire Service VRF - Virtual Route Forwarding Table VRF - Virtual Route Forwarding VRRP - Virtual Router Redundancy Protocol WRED - Weighted Random Early Detection WRR - Weighted Round Robin ZESR - ZTE Ethernet Switch Ring VII SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential ZXR10 8900E Product Description ZESS - ZTE Ethernet Smart Switch VIII SJ-20121213142710-002|2013-6-24 (R1.0) ZTE Proprietary and Confidential