zxr10 3900a product description - liberty · pdf filezte confidential proprietary © 2010...

ZXR10 3900A Product Description

ZXR10 3900A 3200A Product Description

ZTE Confidential Proprietary © 2010 ZTE Corporation. All rights reserved. I

ZXR10 3900A Product Description

Version Date Author Approved By Remarks

© 2009 ZTE Corporation. All rights reserved.

ZTE CONFIDENTIAL: This document contains proprietary information of ZTE and is not to be disclosed or used without the prior written permission of ZTE.

Due to update and improvement of ZTE products and technologies, information in this document is subjected to change without notice.


II © 2010 ZTE Corporation. All rights reserved. ZTE Confidential Proprietary

TABLE OF CONTENTS

1 Overview ..................................................................................................................... 1

2 Highlight Features ...................................................................................................... 1 2.1 SVLAN ......................................................................................................................... 1 2.2 ACL and QOS .............................................................................................................. 2 2.3 Innovative VCT ............................................................................................................ 2 2.4 VBASE implements accurate user location ................................................................. 2 2.5 Support for IPTV .......................................................................................................... 3 2.6 ZESR protection .......................................................................................................... 4 2.7 Security feature ............................................................................................................ 4 2.8 PoE feature .................................................................................................................. 4

3 Functionality ............................................................................................................... 5 3.1 STP/RSTP ................................................................................................................... 5 3.2 Link Aggregation .......................................................................................................... 5 3.3 Broadcast/Multicast limit .............................................................................................. 6 3.4 Port Loop Detect .......................................................................................................... 6 3.5 Port Mirroring ............................................................................................................... 6 3.6 PVLAN ......................................................................................................................... 6 3.7 VLAN Translation ......................................................................................................... 7 3.8 Q IN Q .......................................................................................................................... 7 3.9 IGMP SNOOPING ....................................................................................................... 8 3.10 802.1X .......................................................................................................................... 8 3.11 ACL .............................................................................................................................. 9 3.12 QoS ............................................................................................................................ 10 3.12.1 QoS Back ground ...................................................................................................... 10 3.12.2 QoS Function Requirements ..................................................................................... 10 3.12.3 Service Modle ............................................................................................................ 12 3.12.4 QoS Technology For ZXR10 3900A Series Switch ................................................... 14 3.12.5 Qos Applictaion .......................................................................................................... 22 3.13 VRRP ......................................................................................................................... 23 3.14 IP SUPPORT PROTOCOL ........................................................................................ 24 3.15 RIP ............................................................................................................................. 24 3.16 OSPF ......................................................................................................................... 25 3.17 IS-IS ........................................................................................................................... 26 3.18 BGP ........................................................................................................................... 26 3.19 IP MULTICASTING ROUTE ...................................................................................... 27 3.20 DHCP ......................................................................................................................... 28 3.21 Statistics And Alarm Subsystem ................................................................................ 28 3.22 Maintenance and Management ................................................................................. 28 3.23 SNMP ......................................................................................................................... 29

4 System Architecture ................................................................................................ 31 4.1 Product Physical Structure ........................................................................................ 31 4.2 Hardware Architecture ............................................................................................... 32 4.2.1 System Hardware Structure ....................................................................................... 32 4.2.2 Switch and Control Module ........................................................................................ 33 4.2.3 Control Module .......................................................................................................... 34 4.2.4 Switch Module ........................................................................................................... 34 4.2.5 Power Module ............................................................................................................ 35 4.2.6 Interface Module ........................................................................................................ 35 4.3 Software Architecture ................................................................................................ 38


ZTE Confidential Proprietary © 2010 ZTE Corporation. All rights reserved. III

4.3.1 Overview .................................................................................................................... 38 4.3.2 Descriptions of Layers ............................................................................................... 42 4.3.3 Function Module ........................................................................................................ 43

5 Operation and Maintenance .................................................................................... 52 5.1 Physical Indexes ........................................................................................................ 52 5.2 Capacity ..................................................................................................................... 52 5.3 Power ......................................................................................................................... 53 5.4 Working Environment ................................................................................................ 53 5.5 Reliability .................................................................................................................... 53

6 Typical Networking (Optional) ................................................................................ 54

7 Acronyms and Abbreviations ................................................................................. 55


IV © 2010 ZTE Corporation. All rights reserved. ZTE Confidential Proprietary

FIGURES

Figure 1 FIFO Scheduling .......................................................................................................... 16 Figure 2 SP Scheduling ............................................................................................................. 16 Figure 3 WRR Scheduling .......................................................................................................... 17 Figure 4 DWRR Scheduling ....................................................................................................... 17 Figure 5 Relationship between WRED and the Queue Mechanism .......................................... 18 Figure 6 Processing of Traffic Control in CIR ............................................................................ 19 Figure 7 TS Processing .............................................................................................................. 20 Figure 8 QOQ Processing of the ZXR10 3900A Series Switch ................................................. 21 Figure 9 VOIP Support ............................................................................................................... 22 Figure 10 ZXR10 3952A front panel ............................................................................................ 31 Figure 11 ZXR10 3928A/3928A-PS front panel ........................................................................... 31 Figure 12 ZXR10 3928A-FI front panel ........................................................................................ 31 Figure 13 Functional Block Diagram for the Hardware of the ZXR10 3900A .............................. 33 Figure 14 Functional Block Diagram of the Main Control Board .................................................. 34 Figure 15 AC power supply panel for ZXR10 3900A ................................................................... 35 Figure 16 DC power supply panel for ZXR10 3900A ................................................................... 35 Figure 17 Redundant DC power Module for ZXR10 3900A ........................................................ 35 Figure 18 Functional Block Diagram for the 2-Port GE Interface Board ...................................... 36 Figure 19 Panel of the 2-Port GE Optical Interface Board ........................................................... 36 Figure 20 Fig 1 2-port GE Optical Interface Card Panel .............................................................. 37 Figure 21 1-port GE optical + 1 port GE Electrical Interface Card. .............................................. 38 Figure 22 2-Port 100M SFP Interface .......................................................................................... 38 Figure 23 Functional Block Diagram for the Operation Support Subsystem ............................... 40 Figure 24 Functional Block Diagram of the L2 Subsystem .......................................................... 41 Figure 25 Functional Block Diagram of the L3 Subsystem .......................................................... 42 Figure 26 Functional Modules of the Software the ZXR10 3900A............................................... 43 Figure 27 Functional Block Diagram of the Unicast Routing Protocol Subsystem ...................... 48 Figure 28 MAN networking application ........................................................................................ 54

TABLES

Table 1 Features of front panel of fast Ethernet electrical board of ZXR10 3900A .................. 32 Table 2 Indicators on panel of ZXR10 3900A ........................................................................... 32 Table 3 Features of the 12-Port GE Optical Interface Board .................................................... 36 Table 4 Functions of the Indicators on the Panel of the 2-Port GE Interface Board ................ 37 Table 5 Physical Indexes .......................................................................................................... 52 Table 6 Capacity ....................................................................................................................... 52 Table 7 Power ........................................................................................................................... 53 Table 8 Working Environment .................................................................................................. 53 Table 9 Reliability ...................................................................................................................... 53 Table 10 Acronyms and Abbreviations ....................................................................................... 55


ZTE Confidential Proprietary © 2010 ZTE Corporation. All rights reserved. 1

1 Overview Oriented to the access layers of the enterprise networks and broadband IP MANs, ZXR10 3900A series medium/low-end L3 intelligent Ethernet switches provide a medium/low density of Ethernet ports, making them most suitable to be used as user-side access devices for intelligent community, office buildings, hotels, college campuses and enterprise networks (government networks), or as convergence devices for small networks to provide users with high-speed, efficient and high cost-effective convergence solution.

By using latest and leading ASIC hardware forwarding technology in the industry, most forwarding features are performed by hardware, which ensures the port with wire-speed forwarding capability. Within the ASIC, L2 switching, IPv4 routing and the flow filtering of L2-L7 are performed at wire-speed.

2 Highlight Features

2.1 SVLAN SVLAN is also called flexible QinQ. It’s the development and enhancement of QinQ. Original QinQ can only implement port-based outer layer label addition. It’s not flexible in application. SVLAN can tag packets with different S-Tag label selectively based on port and C-Tag. To keep client packet COS, it can duplicate 802.1p field in inner layer label to outer layer label to keep user QoS continuity.

Compared with QinQ, SVLAN has enhanced function of network user location, which enables QinQ to better support PUPV (one VLAN per user) and PSPV (one VLAN per service). It is easy for carrier’s operation and maintenance management. The most typical application is Triple Play service in broadband to the home.

SVLAN can perfectly solve the problem of user location separation and service differentiation in broadband network. It can implement operation and maintenance management for one VLAN per user, which brings great convenience to network management and maintenance. ZTE is always an advocator of this technology and takes the leading position in the industry.

ZXR10 39A/32A series switch supports SVLAN with the following applications and functions:

Being able to distinguish different service VLAN at one port and tag different outer layer label based on different service requirements.

Being able to implement coexistence of VLAN transparent transmission and QinQ service at port; being able to keep user label unchanged without adding new label to user label when some VLAN packets are going through switch.

Being able to duplicate 801.1p field in user label to outer layer label to guarantee that user’s service level is kept unchanged in QinQ network so as to keep the consistency of QoS of user service.


2 © 2010 ZTE Corporation. All rights reserved. ZTE Confidential Proprietary

IEEE802.1ad specifies that S-Tag Ethernet type is 0x88A8 and C-Tag Ethernet type is 0x8100. ZTE switch supports C-Tag and S-Tag Ethernet type at any designated port.

SVALN has two major applications in the network:

SVLAN is applied in user location separation and service differentiation in network and Triple Play service in family broadband. SVALN QinQ can solve traditional 4096 VLAN resource shortage problem so as to truly implement PUPV and PSPV.

2.2 ACL and QOS ZXR10 3900A supports rich ACL and QoS features including ingress and egress ACL control, which powerfully guarantees network security and stable traffic.

2.3 Innovative VCT VCT (Virtual Cable Test) is a cable fault testing function based on hardware. It uses TDR (Time Domain Reflector) to implement cable diagnosis. It can provide cable error state such as open circuit, short circuit, un-matching impedance, normal cable etc. It can provide cable fault point distance.

ZTE ZXR10 39A/32A series Ethernet switch uses VCT to maintain cable from remote. It can measure faults of short circuit and broken circuit with fault point error within 1 meter. ZXR10 39A/32A series Ethernet switch can automatically get rid of user-side configuration error factors by VCT cable test, so as to further locate the specific device, port and fault cable distance. Most faults can be located and removed at network management center to reduce network maintenance workload, so as to reduce the difficulty and cost of operation and maintenance.

2.4 VBASE implements accurate user location VBAS is the short form for Virtual Broadband Access Server. It is a kind of query protocol expanded between IP-DSLAM and BRAS device.

The implementation principle is that L2 point-to-point communication between BRAS and IP-DSLAM. That is to say, port information query and responding packets are directly encapsulated in L2 Ethernet data frame. Configure DSLAM corresponding to VLAN on BAS. Initiate VBAS during PPPoE calling process. That is to say, mapping user band VLAN to corresponding DSLAM. BAS actively initiate user line identity query to DSLAM, which provides BAS with responding user line identity. The local 39A/32A series switch is DSLAM device.

VBAS interaction process and implementation steps are as follows:

User host broadcasting session initiates data packets to request for link establishment and waits for BAS to respond.

One or multiple BAS send service providing data packets to user host if they can provide service when they receive broadcasting.



User host picks out a BAS based on certain principle and sends unicast session to request for data packets.

The selected BAS generates a sole Session ID after it receives requesting of data packets by session. It enters into PPP session phase after is sends acknowledgement data packets to user host.

After it sends acknowledgement data packets, BAS sends BVAS requesting data packets to DSLAM to query which physical port of DSLAM does user host MAC address is from.

DSLAM sends BVAS responding data packets to BAS after it receives VBAS requesting data packets. The corresponding relationship between user host MAC address and DSLAM physical port is returned.

User host holds PPP session with BAS based on Session ID after it receives acknowledge packet of selected BAS. It sends identity authentication requesting packet to BAS by LCP in a point-to-point way.

BAS sends authentication requesting packets to background authentication system of broadband access service provider such as Radius Server. Authentication requesting information contains user account, password, and the physical port it locates at.

Background authentication system (such as Radius Server) returns BAS authentication result responding packet.

BAS returns user host authentication result responding packet.

PPP connection is established if authentication is passed. The two parties can implement PPP data transmission.

ZTE ZXR10 39A/32A series Ethernet switch VBAS protocol has advantages as follows:

No need for hardware upgrade. Only software upgrade is needed for exiting IP DSLAM and BRAS with the least modifications.

Only port naming is implemented for IP DSLAM. No complicated configuration for BRAS is needed. Light workload.

No need to change the existing networking. Prior investment is protected with continuity.

User and IP DSLAM physical port are bound. Real-time Internet access information of user can be obtained and user port state can be obtained in advance.

2.5 Support for IPTV As one of the key technologies of ZTE IPTV system architecture, controllable multicast mainly implements at broadband access network side. The device implementing multicast controlling policy (BRAS, DSLAM or switch) is called multicast controlling point, which works as the terminating point of user multicast IGMP request and determines whether to duplicate multicast stream to user port based on corresponding IGMP request and control policy. The multicast controlling point near user saves more network bandwidth. As the key device implementing multicast controlling policy, multicast controlling point supports the following features: IGMP V1/V2, IGMP Snooping, IGMP



Filter, IGMP Proxy, IGMP Fast leave, MVR (Multicast VLAN Register), SGR (Static Group Register), UGAC (User Group Access Control), UGAR (User Group Access Record) etc. Multicast on demand authority of user can be controlled by rule and channel binding.

2.6 ZESR protection Improved based on EAPS principle of RFC3619 protocol, ZESR(ZTE Ethernet Switch Ring)detects whether the ring is connected and guarantees there is only one logically connected path between any two nodes on the ring. It re-sets port state as blocked or forwarding based on ring changes (connected -> broken, broken -> connected) to quickly switch the logic path.

ZESR is suitable for multiple rings and multiple domains. Multiple rings is referred to in terms of network topology layers. Each layer is a ring. There are two access points on lower layer access ring to connect with higher layer access ring. The network topology is considered as an individual ring. A ring tangent with it is not a part of it but a part of another. The ring on the higher layer is called the main ring. Others are access rings. Multiple domains indicates there are multiple protecting instances on one ring which are suitable for different service VLAN. They have different logic paths and are independent from each other.

2.7 Security feature ZXR103900 provides users with rich security features, providing multi-dimensional protection in control layer, data layer, and management layer of the device. On data layer, the device provides address change scanning attack prevention, broadcast multicast packet rate restriction, port security protection, MAC address table and ARP binding, DHCP Snooping, IDS association etc. The control layer provides multiple layers of CPU packet receiving, interface address conflict detection, network topology change attack prevention, BPDU protection and root bridge protection, and routing protocol encryption anti-attack protection. Management layer provides hierarchical user management, user password encryption, and SSH.

2.8 PoE feature 3928A-PS supports POE,IEEE 802.3af, power <30W every port. Max support port number 24. The whole support power 750W.



3 Functionality

3.1 STP/RSTP STP is used to detect and eliminate the loops between the L2 switching functional units, and provide redundancy links, for enhanced performance and reliability of the LAN.

This module performs the following two major functions:

1) Avoids network loop, prevents LAN broadcast storm due to such loop, and provides redundant paths for backup

2) Detects the changes of the topology structure, and configures the spanning tree topology again according to the change so detected

After the switch in a subnet executes the STP, it will form a spanning tree dynamic topology structure, where there is no loop between any workstations in the LAN, thus preventing broadcast storm. At the same time, the STP also detects the changes of the topology, and creates a new spanning tree when the topology changes, providing some fault tolerance and allowing the re-configuration of the topology of the spanning tree. According to the status information of the dynamic topology of the spanning tree, the switch maintains and updates the MAC routing table, and finally implements routing on the MAC layer.

The STP is designed to allow the switch to dynamically detect one loop-less sub-set (tree) of the topology and ensure adequate connectivity, so that there is always a path between two LANs as long as physically possible. According to the principles of the graph theory, any route graph containing nodes and connection nodes has a spanning tree of the routes that ensure the connectivity to the destination but have no loop. Therefore, the spanning tree algorithm and protocol can avoid loops in any dynamic topology, and can eliminate those loops between any two workstations.

The Multiple Spanning Tree Protocol (MSTP) defined by IEEE802.1s is compatible with the RSTP defined by IEEE802.1w and the common STP defined by IEEE802.1D. Therefore, the spanning tree module only needs to implement the MSTP. When MSTP is enabled, it can be forcedly set to RSTP or STP, so mixed networking applications of STP and RSTP are supported. In addition, there is the need for supporting the enabling of SPT on the aggregated links and supporting the enabling of STP based on ports.

The ZXR10 3900A support STP, RSTP, and MSTP, as well as the mixed network applications described above

3.2 Link Aggregation Link aggregation is the process where the physical link segments with the same media type and same transmission rate are bundled together, and appear as one link logically. It allows the parallel physical links between the switches or between the switches and servers to multiplying the bandwidth. As a result, it becomes an import technology in broadening link bandwidth and creating link transmission flexibility and redundancy. In



Gigabit Ethernet, link aggregation can be used to create multi gigabit connections. It can also be used to create faster logic links in fast Ethernet. Link aggregation offers good protection, since the communication can be rapidly switched to the normal links when some links fail.

The ZXR10 3900A implement the Link Aggregation Control Protocol (LACP) defined by the IEEE802.3ad, support link aggregation for FE and GE ports, and 10G ports

3.3 Broadcast/Multicast limit Broadcast or unknown multicast is within VLAN by default. In this way data forwarding burden is VLAN is heavy with bandwidth occupied, which will impact other network devices. Broadcast and multicast storm suppression can effectively prevent this.

3.4 Port Loop Detect Self loop detect aims to solve the problem of self loop header plugged in network device port. In network maintenance, self loop header is often plugged in for test and then forgot to be plugged out so that receiving and sending are connected on optical interface to form a ring and forgot to be cancelled. This may cause MAC address learning error and broadcast storm. And this cannot be detected by STP. Loopback detection sends detecting packets outwards via each port. Suppose a port is plugged with a self loop header, packets will be forwarded back unchanged. Uplink device can detect this packet and determine that self looping occurs on the device uplink to the port. The uplink device generates alarm by log. It takes or doesn’t take measures to block the port based on administrator’s configuration to prevent the problem from spreading.

3.5 Port Mirroring Port mirroring can automatically copy the traffic of one port to another, so that the network administrator can real-timely analyze the port traffic for detecting network fault, offering a monitoring means for network management personnel. For the ZXR10 3900A, any port can be configured as a mirror port. Mirroring is also possible between the ports operating at different rates. It is also possible to mirror the traffic of multiple ports to one port, and mirroring can be enabled in multiple mirror groups

3.6 PVLAN All the servers are in one sub-net, but they can only communicate with their default gateways. This new VLAN feature is Private VLAN. In the concept of Private VLAN, there are three types of ports of the switch: Isolated port, Community port and Promiscuous port. They correspond to different VLAN types respectively: Isolated port belongs to Isolated PVLAN, Community port belongs to Community PVLAN, while Primary VLAN represents one complete Private VLAN. The first two types of VLANs must be bound with it, and it also includes Promiscuous port. In the Isolated PVLAN, an isolated port can only communicate with a Promiscuous port, but it cannot exchange traffic with another isolated port. In the Community PVLAN, a Community port can communicate with not only a Promiscuous port but also another Community port. The



Promiscuous port is connected to an interface of a router or L3 switch. The traffic it receives can be sent to the Isolated port or Community port.

The application of the PVLAN is very effective in ensuring the security of the data communication in the network. A user only needs to connect its default gateway. One PVLAN can provide connections with L2 data communication security without multiple VLAN and IP subnet. All the users are connected to the PVLAN, so they are connected to the default gateway, without access between any other users in the PVLAN. The PVLAN function ensures that the ports on one VLAN do not communicate with each other, but they can pass through the Trunk port. This way, even the broadcast of one user in a VLAN will not affect another user in the same VLAN.

The PVLAN does not need the support of the protocol packets, and this can be implemented on the ZXR10 3900A simply through static configuration

3.7 VLAN Translation VLAN translation is also an expansion of the VLAN function. If one port of the switch has the VLAN translation function enabled, the incoming data streams from that port must be tagged. The VLAN translation function looks up in the MAC - VLAN table for a new VID by using the VID contained in the port No. + tag as the index, and then the data traffic will be exchanged in the new VLAN. This is the process of translation from one VLAN to another.

The VLAN translation itself does not need the support of the protocol packets, and it can be implemented on the ZXR10 3900A simply through static configuration. However, it should be noted that if the VLAN translation function is started, the VLANs cannot be differentiated based on MAC addresses. On the contrary, if the VLANs need to be differentiated based on MAC addresses, the VLAN translation function should be disabled.

3.8 Q IN Q QinQ, also known as multi-layer VLAN tag stacking, is a vivid name for the tunnel protocol based on 802.1Q encapsulation. Its core idea is to encapsulate the private VLAN tag into the public VLAN tag, so the packets pass through the backbone network with two tags, offering the users with a simple L2 VPN tunnel. The QinQ protocol is a simple while easy to manage protocol, since it does not require the support of the protocol packets, but can be implemented through static configuration only, making it especially suitable for the switches on the convergence layer. By supporting QinQ (double tags), the switches on the convergence layer can effectively increase the number of VLANs in the MAN.

At present, IEEE is developing the specification for VLAN stacking, that is, 802.1ad-Provider Bridge. The external layer VLAN is defined as Service VLAN-SVLAN, which is still a draft now.

In the software system of the 3900A, the QinQ software function module only implements the static configuration of the QinQ, and then the chip must be set correctly. In QinQ, there are two forms of VLANs:

SVLAN (Service VLAN): VLAN defined on the backbone network



CVLAN (Customers VLAN): User-defined VLAN

The QinQ software function module has one attribute added in the VLAN table, to indicate whether the VLAN is a SVLAN or CVLAN, and the bottom-layer driver interface function is used to set the QinQ function of the chip

3.9 IGMP SNOOPING The IGMP Snooping maintains the relationship between the multicast address and the table of the LAN by listening to the IGMP packets communicated between the user and the router. It maps the members of a multicast group into a VLAN. After receiving the multicast packets, it forwards them only to the VLAN members in that multicast group. IGMP Snooping and IGMP are the same in that they are both used for managing and controlling the multicast groups through IGMP messages. However, they differ in that IGMP runs on the network layer, while IGMP Snooping runs on the link layer. When the switch receives IGMP packets, IGMP Snooping will parse the information contained in them and establish and maintain a MAC multicast address table on L2.

When IGMP Snooping is enabled on the ZXR10 3900A, multicast packets are multicast on L2. When no IGMP Snooping is enabled, multicast packets will be broadcast on L2.

3.10 802.1X The 802.1X is a Client/Server-based access control and authentication protocol. It authenticates the user devices connected to the system ports and determines whether to allow the users to access the services provided by the system through the ports, to prevent unauthorized data transfer between the users and the services provided by the system. The access control of the 802.1X first only allows the EAPOL frames to pass the ports to which the user devices are connected. Other data are not allowed to pass the ports unless the authentication is passed.

With the 802.1X, the access point at which the authenticator system is connected to the LAN has two logical ports: Controlled port and uncontrolled port. Disregard of its authentication status, an uncontrolled port can freely exchange PDUs with other systems. A controlled port can exchange PDUs with other systems only when its status is authenticated. The PAE is an entity that runs and authenticates the related algorithms and protocols. The supplicant PAE responds to the requests from the authenticator PAE, providing the authentication information. The authenticator PAE communicates with the supplicant PAE, and sends the information received from the supplicant PAE to the authentication server, which checks such information to determine whether to allow the supplicant to access its services. The authenticator PAE relies on the authentication result to control the authorized and unauthorized status of the controlled port. The authenticator PAE exchanges protocols with the supplicant PAE via the controlled port and by using the EAPOL protocol, while communicating with the RADIUS server by using the EAPOR.

The 802.1X module performs the following functions:

• Supports the functions available for the authenticator

• Local authentication



• Allows the authenticator PAE to perform protocol exchange via the uncontrolled port and EAPOL

• Supports operation with the uncontrolled port by using the AuthControlledPortControl with the parameters of ForceUnauthorized, Auto, and ForceAuthorized

• Supports operation with the uncontrolled port with parameters of both AdminControlledDirections and OperControlledDirextions

• Supports periodic re-authentication of the supplicant by using a re-authentication timer

• Supports transparent transmission of 802.1x authentication packets when no authentication is enabled

3.11 ACL To filter data, a series of matching rules need to be configured for network device to identify the objects needs filtering. When particular object is identified, corresponding data packets are permitted or prohibited based on the pre-set policy. ACL (Access Control List) can implement all these functions. Adopting packet filtering, ACL reads information in header of packets of L2, L3 and L4 such as source address, destination address, source port, and destination port. It filters packets based on the pre-defined rules and implements access control.

Usually ACL is adopted to implement data packets filtering, policy routing and special traffic control. An ACL contains one or multiple rules for special types of data packets. The rules inform switch whether to permit or reject data packets that match the selecting standards specified in the rules. The data packets matching rules defined by ACL can be imported to other occasions where traffic needs classifying, for example, in QoS to define the traffic classification rules.

The ACL of ZXR10 39A/32A switch falls into four categories: standard ACL, expanded ACL, L2 ACL, and hybrid ACL.

Standard ACL only filters L3 IP source addresses. In practice, most ACLs are filtered based on IP resource addresses. The limitation for standard ACL is that it can only filter source IP address. If the network administrator wants to restrict the access of employees for Internet resource of particular websites or TCP ports, he cannot achieve this by standard ACL. He has to choose other types of ACL.

The expanded ACL filters the header fields of the IP, TCP, UDP, and ICMP protocols. These fields include source IP address, destination IP address, protocol No., ToS, Precedence, DSCP, and Fragment. The fields of the TCP header include source port, destination port and Established. The fields of the UDP header include source port and destination port. The fields of the ICMP header include Type and Code. The expanded ACL meets more complicated requirements and makes smaller traffic classification by filtering the multiple fields in the L3 and L4 packets. Thus this type of ACL can be applied in QoS traffic classification.



L2 ACL mainly filters the fields in the L2 header, including source MAC, destination MAC, Ethernet protocol type, VLAN label and VLAN priority. L2 ACL is mainly used in the access control on the same network segment. When it is not necessary to know the IP address or a protocol rather than the IP is used, some network resources can be protected by filtering the L2 MAC addresses and VLAN labels.

The hybrid ACL is capable of filtering packet headers of L2, L3 and L4. The fields filtered on L2 include VLAN label, source MAC address and destination MAC address. The fields filtered on L3 include source IP address, destination IP address, and IP protocol ID. The fields filtered on L4 include source port and destination port. The hybrid ACL combines the characteristics of the expanded ACL and L2 ACL. The filtering based on the IP address and MAC address bound together can be used to further implement controlled access to the network resources.

3.12 QoS

3.12.1 QoS Back ground

The Internet nowadays serves in the best-effort model. That is, service flows have to compete for network resources on “equal footing”, and the router handles all IP packets on the First Come First Service (FCFS) basis, delivering the packets in its best effort to the destination. This model however provides no assurance to the reliability and delay of IP packets delivery, making it adequate for such services as Email, Ftp and WWW.

With the fast progress of the Internet, IP services are also developing rapidly and becoming diversified than ever before. Especially noteworthy is the rise of multimedia services. In this trend, the computer is staying closer to people’s life instead of being confined to a means of data processing, while computer interactions are getting more real-time and dynamic. This raises a higher demand to the computer interconnection network. For those applications with bandwidth, delay and delay jitter requirements, existing best-effort services are falling far behind. Given the development of network technologies evidenced by significantly greater network bandwidth and speed, the volume of data requiring network transmission is growing at a speed parallel to or even higher than the network, leaving a bottleneck in both network bandwidth and speed. On the other hand, new applications mushrooming in recent years (such as multimedia applications and multicast applications) add to network traffic. In addition, these applications have transformed the nature of existing traffic on the Internet, as they pose brand new requirements on the services. Without QoS assurance characteristic, without reserved bandwidth, and without network delay limited, the network cannot support such applications as VoIP and videoconference which are sensitive to network bandwidth, delay and jitter, and packet loss ratio

3.12.2 QoS Function Requirements

QoS aims at providing end-to-end service quality control or assurance to the subscribers. The QoS means that the network elements (such as applications, host or network equipment) can ensure their traffic and service requirements can be satisfied at an appropriate level. QoS can control the network applications and meet the requirements of a number of network applications, as it for example is capable of the following:



• Resources control: It can limit the FTP bandwidth on the backbone network, and provide database access with a higher priority.

• Scalable services: For Internet Service Providers (ISP), their users may need to send voice, video or other real-time services, which can be differentiated by QoS for the ISP to provide different services.

• Co-existence of multiple requirements: It provides time-sensitive multimedia services with bandwidth and low-delay assurance, keeping these services unaffected by the network use of other services.

Instead of creating bandwidth, QoS only controls the bandwidth based on application requirements and network status. QoS has a set of performance parameters, such as:

• Service availability: The reliability of the connection from the user to the Internet.

• Transmission delay: The time interval of sending/receiving data packets between two reference points.

• Variable delay: Also called delayed jitter, which refers to the time difference between the data packets of a data flow group sent on the same route.

• Throughput: The rate of data packet sending on the network, which can be expressed in average rate or peak rate.

• Packet loss ration: The highest rate of data packet loss of data packets loss transmitted on the network. Data packet loss usually results from network congestion.

To ensure the subscribers to get appropriate QoS from the ISP, the subscriber must enter into the Service Level Agreement (SLA) with the ISP, and the ISPs must enter into the Traffic Condition Agreement (TCA) among ISPs. The SLA specifies the ToSs to be supported by the ISP to the client network and the number of traffics of each category. The TCA specifies the conventions for the data flows between ISPs.

This way, when a data flow enters the DS area, the entry node serves as the classifier and conditioner to them, and saves the state information of the flows (micro-flow or aggregate flow). It also performs metering, marking, shaping, and dropping to the flows according to the flow specifications agreed with the subscribers beforehand, ensuring the input flows to conform to the SLA. At the same time, it also marks the DSCP value on the packet header, and adds it into the corresponding Behavior Aggregate (BA). The exit node may also need to condition the output traffic, ensuring it to conform to the TCA of the downstream DS area.

In the QoS domain, network elements provide the following functions for meeting the above objectives:

• Packet Classification and coloring

• Traffic policing



• Traffic shaping

• Congestion avoidance

• Queue management and scheduling

3.12.3 Service Modle

One way to realize QoS is allocate resources to each data flow according to the SLA requirements. This bandwidth allocation method in “resource reservation” does not fit the Best Effort applications. In consideration of limited bandwidth resources, the QoS designer employs the priority concept, providing appropriate assurance to the data flow transmission of the Best Effort service after resource reservation. Therefore IP QoS consists of two basic types:

• Resource-based reservation: Network resources are allocated, and resource management strategies are formulated according to the QoS requirements of a service. The Integrated Services (IntServ) architecture proposed by the Internet Engineering Task Force (IETF) is based on such strategy, and its core is the Resource Reservation Protocol (RSVP).

• Priority-based reservation: The edge network node performs Classification, shaping and labeling to the traffic. The core node allocates resources based on the resources management strategy, providing priority processing to the services of high QoS requirements. Differentiated Services (DiffServ) as proposed by IETF is based on such strategy.

These QoS methods can be used to a single data flow or aggregate flow. Depending on the data flows of the application, IP QoS can be classified as follows:

• For single data flow: A single data flow is an individual and unidirectional data flow between two applications (sender and receiver), which can be classified with the five parameters of transmission protocol, source address, source port number, destination address, and destination port number.

• For aggregate flow: The flow is composed of two or more single data flows, which are in common in one or more parameters, labels, and authentication information.

To address IP QoS, IETF has come up with a number of service models and mechanisms, such as the following:

• IntServ/RSVP: RSVP signaling is used to submit flow transmission specification (Flowspec) to the network, and establish and remove the traffic status on the transmission path. The host and network node establish and maintain traffic status information. Although RSVP is often used in single flows, it is also used in resource reservation of aggregate flows.

• DiffServ: In the DiffServ network, the boundary router classifies subscriber flows into different levels according to their stream profile, before aggregating them into



aggregate flows. The aggregate information is saved in the DS label area of the IP packet header, referred to as the DS label (Differentiated Services Code Point (DSCP). Internal nodes provide the scheduling and forwarding service of different quality for different DSCPs.

• Multi Protocol Label Switch (MPLS): Bandwidth management of aggregate flows is provided via network path control according to the packet header label.

• Subnet Bandwidth Management (SBM): Used in the classification and priority arrangement of the OSI L2 (data link layer), for sharing and exchanging with the IEEE 802 network.

Theoretically, the IntServ/RSVP model can provide adequate QoS assurance to the IP network. However subsequent experiments on the web reveal obvious limits of such model, which are mostly found as follows: In addition to poor expandability, it requires that the core network equipments must keep the status of each individual data flow passing through it, a requirement intolerable by the core network equipment. Although RSVP is supported by most network equipment manufacturers and hosts, and widely accepted, it has never become the mainstream because:

• Poor expandability: Expandability is the most fatal defect in the IntServ/RSVP model. On one hand, its flow-based resource reservation, scheduling processing, and buffer management are conducive to providing QoS assurance. But on the other, with the status information volume growing with the traffic growth, all the routers on the way have to maintain a “soft status” for each data flow. This poses a mission impossible for a carrier-class network, as the storage units of network equipments can only save a limited amount of soft status information.

• Excessive requirement on network equipments: All the network equipments on the network must support RSVP signaling protocol, and connected with the control program, classifier and scheduler.

• The per-flow state introduced in RSVP: For data communication and real-time communication, the IP network plays at the same time two different roles of being oriented to connectionless network and connected network to provide two functions, which conflicts the simple design philosophy.

• Resource reservation does not apply to such short time flows as the Web flow which however has exceeded 50% in the Internet.

• IntServ/RSVP is also found with contradictions between resource reservation and routing protocols. In terms of routing, it may appear a good path, but it may not be the case for resource reservation. For the lack of enough resources to reserve, no path can be established for the data flow. Therefore the process can only hold at the point and wait until the application process is removed due to upper-level timeout, and proceed until a new path is created.

Therefore, it is difficult to realize the IntServ QoS assurance, as it requires flow-based complex resource reservation, admission control, QoS routing and scheduling



mechanism. On networks so complex and large as the Internet, link status tend to be uncertain, making it hard to effectively reserve bandwidth resources. And resource reservation itself conflicts with the top feature “connectionless” of the IP network. More importantly, IntServ is faced with the scalability problem and robustness problem, because the transmission flow state that is dynamic and reproducible can hardly be kept consistent in the distributed network environment.

The top merits of DiffServ are simplicity, effectiveness, and high scalability. Its implementation features that the aggregate mechanism joins traffics of the same characteristics to serve the entire aggregate flow, rather than a single one. In other words, the per-flow state is maintained at the DiffServ network boundary equipments and the core network equipment forwards data packets instead of keeping state information, constituting a Core-Stateless structure of very high scalability.

DiffServ drastically downsizes the workload of signaling, and focuses on flow aggregation and the set of per-hop behavior applicable to the CoS of the entire network. Data flows can be classified based on the predefined rules, aggregating a number of application data flows into a limited number of data flow classes. Specifically, the boundary node turns the traffic into different flow aggregates by Classification, shaping and labeling the traffic according to the profile and resource reservation information of the subscriber. The flow aggregate information is contained in the DSCP field of the IP packet header. In scheduling and forwarding IP packets, the core network equipment focuses the flow aggregates as the service object, and provides different forwarding quality based on different DSCPs of the IP packet header. This mode of forwarding data packets of different types is called Per-Hop-Behavior (PHB), which is in fact a relative priority mechanism

3.12.4 QoS Technology For ZXR10 3900A Series Switch

The ZXR10 3900A series switches provide overall QoS support for the IP DiffServ solution, and are completely compatible with the standards of the IETF DiffServ solution, including RFC2474, RFC2475, RFC2497, and RFC2498. These products support IP Precedence or DSCP as the QoS in-band signaling, and support DiffServ-related functional components such as the flow controllers (including the classifier, marker, measurement unit, shaper, and dropper) and the PHBs (congestion control and congestion avoidance).

The QoS of the Ethernet switches feature the following:

• Packet Classification

• Priority marking

• Congestion control

• Congestion avoidance

• Traffic policing

• Traffic shaping

• Physical interface total rate limiting



3.12.4.1 Packet Classification and Priority Marking

Packets Classification is to divide the packets into a number of priority levels or ToSs. For example, the packets can be classified into up to eight types, with the packets marked with the first three bit (IP priority) of the Type of Service (ToS) field of the IP packet header, or into at most 64 types with the packets marked with Differentiated Services Code Point (DSCP, the first six digits of the ToS field). When the packets are classified, the QoS features can be applied to the different types, for type-based congestion control and traffic shape.

Network administrators can set the strategy to classify packets. This strategy specifies not only such in-band signaling as the IP priority or DSCP value of the IP packet and the CoS value of 802.1p, but also the input interface, source address, destination address, MAC address, IP protocol or application port number. The classification results are beyond scope limits, which can be a flow determined by the quintuple (source address, source port number, protocol type, destination address, destination port number), or all the packets destined to a network segment. The ACL, especially the extended ACL technology, can be used to classify packets, dividing packets into different types based on different requirements.

Usually when packets are classified at the edge network, IP priority or DSCP is also marked at the same time, in order to simply use the IP priority or DSCP as the criteria for classification inside the network. And this priority can be used by queuing schedule to process packets differently. Downstream networks can selectively receive the classified results from upstream ones, or reclassify the packet flow based on their own classification criteria.

For example, making the following classification and marking at the edge network:

To aggregate all VOIP packets into the EF ToS, and mark the packet IP priority as 5 or the DSCP value as EF, aggregate all VOIP control packets into the AF ToS, and the packet IP priority as 4, or the DSCP value as AF31.

When the packets are marked and classified at the edge network, differentiated services can be provided by different type’s traffic in the intermediate nodes of the network according to the labels. For example, the delay and less jitter are ensured for packets of the EF type, and are put under traffic policing, while for the AF type, appropriate bandwidth is still assured even in traffic congestion.

3.12.4.2 Congestion Control

Congestion control is usually provided with the queuing technology, in which the packets can be buffered into a queue in the router by an appropriate strategy, and taken from the queue by a scheduling strategy, before being sent out of the interface. Depending on the in-queue and out-queue strategies, congestion control can be classified as follows:

1. First In First Out Queuing (FIFO)

ZXR10 3

3900A 3200A

16

Figure

As shohereinawhen tinterfacthe exi

2. Str

Figure 2

As shopacketpacketand reare hipacketqueueprioritynormahigher higher higher procespriority

3. We

Product Desc

© 2010

1 FIFO Sch

own in Figuafter) acceptthe speed ofce can sendit at their in-q

rict Priority Q

2 SP Sched

own in Figut priority/DSCts are classifespectively sgh-priority, ts are sent o, and send i

y queue, untl-priority quepriority are priority in cpriority are

ssed when thy of high prio

eighted Rou

cription

0 ZTE Corpora

heduling

re 1 insteadts the packef the packetsd. At the samqueue seque

Queuing (SP)

duling

re 2, the SPCP conditionfied into four sent to the cmiddle-prioriout of the qin turn thosetil sending aeue and lowsent first, a

case of conprocessed in

he network isrity services

nd Robin Qu

ation. All right

d of Classificets into the qs arriving at me time, the ence on FIFO

)

P classifies tns. In the ex

types to belcorrespondingity, normal-pueue, the S

e in the middall the packew-priority queand those of gestion. In tn advance, les idle after crand makes

ueuing (WRR

s reserved.

cation the pueue by thethe interfaceFIFO sends

O basis.

the packets,ample showong to any og queue by priority, andP first senddle-priority wts. Then it peue in turn.f lower priorithis mechaneaving thoseritical servicefull use of ne

R)

ZTE Confid

ackets, the ir arriving pr

e is faster thas the packets

, based on Vwn in with MAof the four SP

their types. low-prioritys out packe

when no queproceeds to This way pty will be po

nism, packete of lower pries are handleetwork resou

dential Proprie

FIFO queuiriority at the an the speeds out of the

VLAN CoS AC addresseP queues in tThe four SP

y queues. Wets in the higue is left in sending thopackets clasostponed byts (such as ority (such aed, which enurces as well

etary

ng (FIFO interface, d that the queue at

value, IP es, all the the figure, P queues When the gh-priority the high-

ose in the ssified as y those of

VOIP) of as E-Mail) sures the .

ZTE Con

nfidential Prop

Figure

As shoVLAN respecinto thqueuesby theapprop8 respe

4. De

Figure 4

Compafactor o

DepenQuantunumbebandw

prietary

3 WRR Sch

own in FigurCoS value,

ctively belonghe correspons can be allo

e user. Whepriate amounectively, and

eficit Weighte

4 DWRR Sc

ared to the pof packet len

nding on theum for eacher of bytes

width of each

© 2010

heduling

re 3, the WRIP packet p

g to one of tnding queueocated with ten the packnt, accordingd sends them

ed Round Ro

cheduling

packet-basedngth, further

e weighted h queue. Wof the queuof the queue

ZTE Corporat

RR classifies priority/DSCPthe eight ques according the interface

kets are out to the band

m out from the

obin Queuing

d WRR, the improving th

value confiWhen scheduues based oes.

ZXR10

tion. All rights

the packetsP, and n-tupleues of the to the type

e bandwidthsof the que

width ratio se interface.

g (DWRR)

byte-based e fairness of

gured for thuling the ouon the curre

0 3900A 3200

reserved.

s according te, ultimatelyWRR. Then

e of the pacs to seize aseue, the WRso defined, fr

DWRR takef queue sche

he queue, tut-queue pacent Deficit C

0A Product D

1

to such condy into eight ty it sends the

cket. The eigs per the ratiRR takes parom queues

es into accoueduling.

the DWRR ckets, it dec

Counter, dec

Description

7

ditions as ypes that e packets ght WRR o defined ackets of 1 through

unt of the

allocates cides the ciding the

ZXR10 3

3.12.4.3

3900A 3200A

18

3 Conge

Due tothe qudrops mechaseveraavoidasynchrkeepinreducindrastic

To preEarly DqueueWhen randomqueue

As WRdown tsynchrconnecmaintahigh sp

If the pthreshoabruptaveragaveragdroppifilteredand beunfair t

WREDthe pacoefficcharac

The re

Figure

Product Desc

© 2010

estion Avo

o limited memeue length iswill result in

anism of TCPal TCP connance at theseronization. Tng the packeng line band

cally, fluctuat

event the abDetection (W. When thethe length is

mly (the longlength is lon

RED drops ptheir sendingronization. Wction beginsain a high sepeed sending

packets are dolds set by t data flows wge queue lege length cong. Here the

d at low-passe insensitivetreatment to

D can sense ackets of dicients, queucteristics for t

elationship be

5 Relations

cription

0 ZTE Corpora

oidance

mory resourcs up to the mn TCP timeP to reduce nections at te connectionhis way thesets traffic sedwidth utilizating the traffic

ove from haWRED) can be queue lengs between thger the queunger than the

packets randg speed at thWhen the pas to slow donding speedg anytime, im

dropped basthe user (whwill be treatength (which

omparison) ie average qus. As this prae to burst chdata flows.

the QoS in-bifferent IP pe thresholdsthose packet

etween WRE

ship between W

ation. All right

ces, traditionmaximum speout, triggerinsending pac

the same tins at the sase TCP connnt to the qution. And thec on the line

appening, thebe employedgth is below e low and hie, the highe

e high thresh

domly, it prehe same timackets of a wn its send

d. This way thmproving the

sed on the cohich is the aed unfairly to is the relas used for

ueue length actice can bhanges of q

band signalinpriorities or s, and dropts.

ED and the q

WRED and the

s reserved.

nally all arriviecified. With ng the slowckets. Whenme, it will tme time, wh

nections will sueue lower the packet trafto be either

e packet drod, enabling tthe low thre

igh thresholdr the probabold, it drops

vents severame, avoiding

TCP conneing speed, there are alw

e bandwidth u

omparison babsolute lengo affect datative value focomparing wrefers to theoth indicate

queue length

ng such as IDSCP with

p probabiliti

ueue mecha

e Queue Mech

ZTE Confid

ing packets wrespect of T

w-start and cn the queue rigger slow-hich is referrsend fewer phan the lineffic sent to thminimal or s

op strategy othe user to seshold, WREds, WRED bebility of beingall packets.

al TCP connthe above-m

ection are drthe rest of T

ways TCP coutilization.

between the gth for settina flow transmor setting qwith the set

e result of thethe changin

h, it avoids t

P priority anh different qes, thus of

anism is show

hanism

dential Proprie

will be droppTCP packets,congestion adrops the p

-start and cored to as TCpackets to th

e sending sphe queue wi

saturated.

of Weighted set thresholdED drops noegins to dropg dropped). W

nections frommentioned gloropped and TCP connecnnections en

queue lengthng queue thrmission. Therueue thresht threshold te queue lengg trend of ththe above-m

d DSCP, anqueue lengthffering differ

wn as follows

etary

ped when , frequent

avoidance ackets of ongestion CP global he queue, peed, and ll change

Random ds for the o packets. p packets When the

m slowing obal TCP the TCP

ctions still ngaged in

h and the resholds), refore the holds and to decide gth being

he queue, mentioned

d can set h filtering rent drop

s.

ZTE Con

3.12.4.4

nfidential Prop

With Wreasonflows droppeprotect

4 Traffic

Traffic connecalgorithWhen traffic practicpacket

For ISenterpcontrotraffic.

The CI

Figure

Figureclassiftraffic ctraffic the TBthe TBtype of

The tocan alcapacibucketsent fupacketpacket

prietary

WRED and Wn is that diffetend to hav

ed. Larger floting the inter

c Policing

policing is ction of a nehm in the RFthe packets

policing will ce is using Cts, such as c

SPs, it is cririse Intranetlling network

IR controls tr

6 Processin

6 illustrateied accordincharacteristiccontrol, how

B for sendingB fall short, thf packets.

oken bucket so set the city, no more t that has enurther. At thet length, andt can be sent

© 2010

WFQ used toerent flows hve shorter qows tend to hrests of those

typically uetwork. The FC-defined ss meet suchact on them Committed I

confining the

itical to conts, restrictingk status, as

raffic using T

ng of Traffic C

s the basic ng to the prcs to be sent

wever, will en packets, the

he packets w

places tokencapacity of tokens will ough tokense same timed packets wt.

ZTE Corporat

ogether, thehave their owqueue lengthave longer qe smaller flow

sed to restZXR10 3900single-rate a

h conditions by droppingnformation RHTTP packe

trol the traffg the traffic o

network ad

Token Bucke

ontrol in CIR

processing eset match t further, withnter the TB fey are allowe

will be droppe

ns into the bthe bucket. be added in

s to send pace, tokens in t

will be droppe

ZXR10

tion. All rights

flow-based Wwn queues wh, which requeue lengthws.

trict the traf0A series swand dual-rate

as excessivg packets or Rate (CIR) tets to within 5

fic sent intoof some app

dministrators

et (TB).

of traffic corules, leavin

hout processfor processined to pass aned, which wo

bucket at theWhen the tto it. When tckets, the pathe bucket aed when the

0 3900A 3200

reserved.

WRED can when being ceduces their h and may be

ffic and burwitches suppe color-blind/ve packet traresetting theto restrict th50% of the n

o the networplications pro

can use th

ontrol in CIRng packets sing by the Tng. If there and be sent fuorks to contro

e rate speciftokens in thethe packets

ackets are alare reduced e tokens bec

0A Product D

1

be implemenclassified, an

probability e dropped m

rsts which eort the trafficcolor-sensitivaffic of a coeir priority. A he traffic of anetwork band

rk by the usove to be ef

he CIR to co

R. First, pacwithout the

TB. Packets iare enough urther. If the ol the traffic

fied by the ue bucket exare processlowed to pascorrespondi

come so few

Description

9

nted. The d smaller of being

more often,

enter the c policing ve mode.

onnection, common

a type of dwidth.

sers. For ffective in ontrol the

ckets are specified n need of tokens in tokens in a specific

user, who xceed the sed in the ss and be ng to the

w that no



TB is effective in controlling data traffic. When the bucket is filled with tokens, packets represented by all tokens in the bucket can be sent, which allows burst data transmission. When the bucket runs out of tokens, no packet can be sent until new tokens are generated in the bucket. This confines the packet traffic to less than or equal to the speed of token generating, for the purpose of traffic limiting.

In practice, the traffic policing of the ZXR10 3900A series switches can not only control the traffic, but also mark or re-mark the packets. Specifically, traffic policing can set or modify the IP packet priority for marking the packets.

For example, when the packets conform to traffic characteristics, their priority can be set to 5. When the packets do not conform to traffic characteristics, they can either be dropped, or sent further with their priority sent to 1. This way subsequent processing will ensure that packets of priority 5 are not dropped, and those of priority 1 are sent when the network is not congested. In case of congestion, packets of priority 1 will be dropped before those of priority 5.

Traffic shaping can set different traffic characteristics and mark characteristics for packet categories, that is, to classify packets and provide these packets with appropriate traffic characteristics and mark characteristics.

3.12.4.5 Traffic Shaping

Traffic shaping is typically used to restrict the traffic and bursts out of a connection of a network, sending such packets at even rate outside. Traffic shaping is usually implemented with the buffer and token bucket. When packets are sent too fast, they are first cached in the buffer, before they can be sent at even speed under token bucket control.

Traffic Shaping (TS) can shape irregular traffics or those incompliant with preset traffic characteristics, facilitating the bandwidth match between the upstream and downstream of the network.

Same as CIR, the TS also controls the traffic with token bucket technology. The difference between TS and CIR are as follows: CIR drops packets incompliant with the traffic characteristics during packet traffic control. TS buffer such packets to minimize the drops and meets the traffic characteristics of the packets.

The basic processing of TS is shown in Figure 7 in which the queue for packet buffering is called a TS queue.

Figure 7 TS Processing

ZTE Con

3.12.4.6

nfidential Prop

The Tpacketfree oftokensspeed.be senpacketthe paTS willpacketbucketpacket

6 Physic

The LRa physconfigupacketIf theretokensqueue can be

Likewisallow bbe senless thburst t

CompaThe CI

In sumfollowi

Figure

prietary

TS can shapts are classif token buckes in the bucke. When therent further. At t length. Whckets will bel take them fts will be cot are reducets in the buck

cal Interface

R can restricsical interfacured at an ints sent throue are enoughs cannot me

for congeste controlled.

se as token burst transmnt until new than or equalraffic can be

ared with traIR is flow spe

mmary, the Qng figure.

8 QOQ Pro

© 2010

pe packet trfied first, an

et processinget, and the be are enoughthe same timen the token

e buffered intfrom the quempared withd to so few ket have bee

e Total Rate

ct the interfacce, and still terface of thgh the interfah tokens in t

eet packet-seion control.

bucket is usission of pactokens are g to the spee allowed to p

ffic CIR, the ecific and un

QoS process

ocessing of the

ZTE Corporat

raffic specifiend those reqg. Packets inbucket continh packets in tme, tokens inns in the bucto the TS queue for sendin

h tokens in ththat no pac

en sent.

e Limiting (L

ce packets (iuses the toke switch thatace will first the bucket foending condThis way the

ed to controckets. When enerated in

ed of token gpass.

LR can restnavailable for

sing of the ZX

e ZXR10 3900

ZXR10

tion. All rights

ed on the iuiring no TS

n need of TS nues to placethe bucket ton the bucket cket are redueue. If there ng by a cyclehe bucket, u

cket in the qu

Link rate)

ncluding emken bucket ft the LR spebe processeor sending pditions, the pe packet traf

l traffic, tokethe bucket rthe bucket. generating, s

trict all packer the packets

XR10 3900A

0A Series Swit

0 3900A 3200

reserved.

nterface or S processingprocessing w

e tokens intoo send, the pare reduceduced that noare packets

e. Each timeuntil the numueue can be

ergency pacfor traffic cocifies the trad by the portackets, pack

packets will ffic through t

ens (if there aruns out of toThis confineso that traffic

ets passing ts not configu

A series swit

tch

0A Product D

2

all packetsg will be senwill be comp

o the bucket packets are ad correspondo packet cans in the TS qe it sends pacmbers of tokee sent, or un

ckets) sendinontrol. If the ffic charactet-based tokekets can be sbe put into the physical

are any in thokens, no pa

es the packetc can be lim

the physical red with CIR

tches is show

Description

21

. Arriving nt further, pared with at the set

allowed to ing to the

n be sent, ueue, the ckets, the ens in the ntil all the

ng rate on user has ristics, all

en bucket. set. If the the QoS interface

e bucket) acket can t traffic to

mited, and

interface. R.

wn in the



3.12.5 Qos Applictaion

3.12.5.1 PHB Assurance of Voice and Video Service Types

Ongoing development of the network enables people to come up with non-traditional data applications such as IP voice (VOIP) and videoconferencing. The integration of voice, video and data networks into one network is an inevitable trend of network development, which can lower network maintenance costs and enhance the competitiveness of communication operators. This requires the IP network to ensure the voice information delay and delay jitter requirements, and to provide the voice quality comparable to Public Switched Telephone Network (PSTN).

The abundant QoS mechanism of the ZXR10 3900A series switches can fully satisfy the above requirements of merging three networks into one. The following technologies can also be integrated to reduce the transmission delay of voice packets.

The SP queue scheduling algorithm puts voice packets into the high-priority queues, ensuring them to be scheduled first at congestion. The queue scheduling mode with SP and WRR combined can also be used, as shown in the following figure.

Figure 9 VOIP Support

In the applications with the three networks integrated, traffics on the router are classified into the three categories of voice, video and data, and these categories are set with different priorities with the coloring function of traffic policing. At the same time, the SP queue, WRR queue, or SP/WRR combined queue are used to ensure voice packets of high priority are served first in case of network congestions, reducing the transmission delay of voice packets. Traffic policing and traffic shaping are configured on the router, controlling the packet traffic when they enter the DS (DiffServ) area from the router. When the packets enter the DS area, they will be forwarded by the packet category at the corresponding PHB. Routers of the DS area can be configured with WRED to lower network congestions, and queue technologies of SP or WRR can be used to ensure the priority scheduling of voice packets in case of network congestion, reduce the packet transmission delay and delay jitter, ultimately improving the transmission quality of time-sensitive real-time voice services.



3.12.5.2 VPN in Enterprise Intranet

ISPs can provide VPN services via the IP network to lower the network building cost/leased line cost, making it appealing to enterprises. The VPN can connect the staff on business trips and the head office of the enterprise, branches in other places with the head office, and cooperation partners with the head office, communicating information in between. If the VPN cannot ensure timely and effective transmission of enterprise business data, that is, effective QoS assurance, it can hardly provide desired services to the enterprise. For example, business correspondence and database access should enjoy higher priority in their bandwidth needs, with business-irrelevant E-Mail and WWW access treated as Best-Effort information flows.

The abundant QoS mechanism of the ZXR10 3900A series switches can fully satisfy the above requirements of the enterprise VPN:

• Marking different services with IP priority/DSCP, and Classification the traffic based on IP priority/DSCP.

• Using the SP or WRR queue scheduling algorithm to ensure the QoS performance such as bandwidth, delay and delay jitter for the enterprise business data.

• Treating VPN information differentially in the WRED/tail drop mechanism, avoiding traffic fluctuations inside the network.

• Restricting the traffic of different information flows in the VPN in the traffic policing mechanism.

The CE routers at the VPN sites classify and color the traffic, dividing for example the traffic into the three categories of database access, important business correspondence, and WWW access, and marking when necessary the priority of the three service packets respectively into high, medium and low after the classification. The VPN service provider can also set traffic policing function at the access port of each CE router, and traffic shaping function at the exit port, which can control the packet traffic entering the service provider’s network from the VPN sites below the committed high threshold of traffic. On the PE routers of the network of the VPN service provider, MPLS EXP will copy by default the priority of the IP packets. In this mechanism, the packets scheduling modes can be controlled by configuring the SP or WRR queues on the PE and P routers of the VPN service provider’s network, ensuring packets of higher priority can be served first in case of network congestion for low delay and low delay jitter. In addition, WRED can be set to avoid the global synchronization of TCP traffic.

Furthermore, if the ISP wants to define a CoS different from the user’s network, or does not trust the IP priority of such network, it may also remark the packets by certain rules at the PE router entry.

3.13 VRRP By a set of detection and voting mechanisms, the VRRP protocol implements route backup in multiple access to the LAN. The protocols maintain uninterrupted services of the network system for the host equipment connected by backing up the gateway equipment in the LAN, that is, acting as the backup for the next-hop equipment on the route of the host equipment connected. The simple detection and voting mechanism



provided by the VRRP can rapidly implement backup and changeover in the event of equipment failure. For ordinary configuration, this is completed in 3~5 seconds, which basically satisfies the interrupt-ability requirements of services. In addition, there is no special requirement for the host equipment connected.

Due to the limitation of the working mechanism of the VRRP, the devices working together in one VRRP group must be in the same LAN. In other words, they should not be distributed in different LANs. This way, in the now common network architectures for VLAN, the devices in one backup group must also be in one VLAN, but in one VLAN there can be multiple VRRP backup groups.

3.14 IP SUPPORT PROTOCOL It is composed of the following sub-modules:

1) IP basic protocol module

This module performs IP/ICMP/ARP protocol processing and routing table management.

The IP protocol part transfers IP packets on the network layer, while providing functions such as error control, IP option, TOS, segment reassembly and security service. The IP module provides local transfer and routed forwarding of IP packets, for encapsulation and distribution of the upper-layer protocol.

The ARP protocol part provides the conversion from the IP address to the MAC address. The ARP packets are directly encapsulated by link frames (Ethernet frames in this system), but they are closely combined with IP. With the ARP packet mechanism, the MAC address corresponding to an IP address can be obtained.

The ICMP protocol part provides control or error information transfer function. The ICMP packets are encapsulated by using IP packets, combined closely with the IP layer. This is a part that the IP layer protocol must implement. It includes receiving ICMP error packets, sending them to the appropriate network layer for processing, responding to the ICMP request packets, constructing and sending ICMP packets under the request of the IP layer or transmission layer.

The IP routing table management part performs operation and maintenance of the routing table, providing the interfaces to the routing protocol for generating, updating, and deleting routing tables, and providing the related interfaces for the routing of IP layer.

2) The TCP protocol processing module processes the TCP data packets from the IP basic protocol module, sending the packets of the protocols such as TELNET and BGP to the appropriate processing modules.

3) The UDP protocol processing module processes the UDP data packets from the IP, sending the packets of the protocols such as FIP and SNMP, and DHCP to the appropriate processing modules.

3.15 RIP The RIP protocol is implemented based on the vector distance routing algorithm of the local network. The RIP protocol exchanges RIP routing information through UDP



packets, which contain the protocol packets to send. The routing information in the RIP packets includes the number of the routers on the route (the number of hops). The routers determine the route to each destination network according to the number of hops. As stipulated by the RFC, the count of hops should be no more than 16. Therefore, the RIP is suitable to be used as the internal gateway of a small Autonomous System (AS).

The RIP protocol of the ZXR10 3900A performs the following functions:

• Sends/receives RIP packets according to the protocol, checks the correctness of the packets and performs some authentication

• Supports RIPV1/V2 and supports plain text authentication and MD5 authentication. Supports reallocation of routes

• Creates route loops and expedites route convergence, and updates the technology with horizontal splitting and triggering

• Supports protocol DEBUG

3.16 OSPF As an internal gateway protocol (IGP) developed by IFTF, the OSPF is based on the link status and the Shortest Path First (SPF) algorithm. The OSPF can converge the routing table in a very short period, and avoid loops, a capability extremely important for mesh networks or LANs connected with multiple bridges. In every device that runs OSPF, a unified database is maintained to describe the topology of the autonomous system. This database is composed of the local status information of each device, for example, available interface and neighbor of the device, status of the network connected with the device, and external route connected with the autonomous system. The OSPF uses the link status algorithm to calculate the shortest paths from each area to all the destinations. When one device first starts to work or any route changes, this device helps the device that runs OSPF to disperse the LSAs to all the devices in the area of the same level. These LSAs contain the link status of this equipment and its association information with its neighbors. The information collected from these LSA forms the link status database. In this area, each of all the devices has a particular database to describe the topology of the area.

The OSPF protocol of the ZXR10 3900A performs the following functions:

• Makes a hierarchical network topology that is suitable for large interconnection networks

• Uses the Dijiksra algorithm in route calculation so that the system can follow the network topology change automatically and rapidly

• Supports the display and configuration commands from the primary console, supports the commands, display and MIB variables related to SNMP

• Supports authentication of routing protocol packets, including simple password authentication and MD5 authentication, to prevent the routing protocol packets from being tampered



• Uses retransmission and confirmation mechanism to guarantee the reliability in link status synchronization

• Supports multiple different distance measurement plans, for example, physical distance, delay, throughput, etc.

• Supports STUB AREA, NSSA

• Supports domain edge and AS edge routers.

• Supports classless routes and route aggregation

• Controls route re-allocation and route filtering through Route Map route mapping

3.17 IS-IS The Intermediate System-to-Intermediate System (IS-IS) routing protocol is an expression of the OSI model of the router, and it is used for IP networks based on TCP/IP. The IS-IS system consists of two layers: Backbone layer (L2) and area layer (L1). One router can only belong to one area. The Ll router only knows the topology in its area, and all the traffics bound for other areas are sent to the nearest L2 router. The L2 routers must form a backbone, similar to the backbone area “o” of OSPF.

The IS-IS protocol of the ZXR10 3900A has the following characteristics:

• Supports address aggregation on L1 and L2

• Supports L1/L2 hierarchical routing method and supports ATT flags

• Supports three area addresses and smooth area address migration

• Supports balancing the load for the same destination

• Supports plain text authentication of interfaces and areas

3.18 BGP The BGP is an external gateway protocol. Its basic function is to exchange loop-less routing information between autonomous systems. The information exchanged by the BGP carries a great variety of attributes, which can be used to construct the topology of the autonomous system and to implement AS based routing strategy. Its path reach-ability information with the AS serial No. can be used to eliminate route loop. As a collection of routers and terminal sites, the ASs are under the same management and control domain, and are deemed as single entities, and they control the expansion of the routing table by classless inter-domain route selection of the BGP. The BGP-4 also introduces a mechanism to support route aggregation, including the aggregation of the AS paths. The BGP is designed to provide a structured view of the Internet through AS. By dividing the Internet into multiple ASs, a large network is created with many smaller



but more easily manageable networks. In these smaller networks known as ASs, their own rules and management strategies can be used.

The BGP protocol of the ZXR10 3900A has the following features:

• Suitable for use in large networks, usually backbone networks

• Supports EBGP and IBGP

• Supports EBGP multi-hop technology

• Supports group attributes and router reflectors

• Supports AS confederation and turbulence suppression

• Supports MP-BGP

• Supports MD5 authentication and route filtering

• Supports reallocation of routes

3.19 IP MULTICASTING ROUTE The IP multicast routing technology enables effective point-to-multipoint data transfer over the IP network. IP multicast can effectively economize network bandwidth, and reduce network load, so the IP multicast routing technology has found wide application in many aspects such as resource discovery, multimedia conference, data copying, real-time data transmission, game and emulation. Multicast routing protocols can be classified into intra-domain protocols and inter-domain protocols. Inter-domain protocols include MBGP and MSDP, while intra-domain protocols include PIM-SM, PIM-DM, and DVMRP. Intra-domain protocols can be divided into two categories. One is coarse multicast routing protocol, including PIM-SM. The other is dense multicast routing protocol, including PIM-DM and DVMRP. At present, PIM-SM is the most practical multicast protocol.

The PIM-SM constructs a Rendezvous Point Tree by a mechanism where multicast information sink expressly joins, for distributing multicast packets. When certain conditions are met, the information sink can also be switched to the shortest Rendezvous Point Tree. In addition, PIM-SM is not related to the unicast routing protocol, since it performs RPF check by using a unicast routing table, rather than relying on a particular unicast routing protocol. The PIM-SM is more suitable for a multicast network where there are potential multicast group members at the end of the WAN link. In addition, the PIM-SM allows the use of the SPT, so it reduces the network delay as a result of the Rendezvous Point Tree used, and hence increases the efficiency. Therefore, the PIM-SM is the best choice of the multicast routing protocol in the multicast network domain.



3.20 DHCP The DHCP manages the IP address and other related configuration information used on the network, to reduce the complexity in managing the address configuration. When the DHCP service is used on the network, the client and server must be in the same broadcast domain. If a network is built in this way, the ZXR10 3900A must provide the DHCP SERVER function. In another application, the DHCP server and the users are not in the same broadcast domain. The client obtains its address through transit via the ZXR10 3900A. This is what referred to as DHCP relay technically.

The ZXR10 3900A implement the built-in DHCP SERVER function through the DHCP protocol, to enable the dynamic address allocation and management of the DHCP CLIENT, and at the same time provide the user management module on the destination equipment system with the appropriate service management interface for the DHCP CLIENT. They implement transparent interaction between the DHCP CLIENT and DHCP SERVER through the DHCP RELAY AGENT expansion option of the DHCP protocol, to enable the dynamic address allocation and management of the DHCP CLIENT, and at the same time provide the service management module on the destination equipment system with the appropriate service management interface for the DHCP CLIENT.

3.21 Statistics And Alarm Subsystem The statistics and alarm subsystem is also a function that the ZXR10 3900A must provide. This subsystem is involved throughout all other subsystems of the software. This system receives the statistics and alarm configuration information from the maintenance management subsystem. All software subsystems send the related statistics and alarm information to the statistics and alarm subsystem, which performs appropriate operations according to the configuration information of the statistics and alarm and based on the alarm levels. For example, it may write the logs to store the alarm information through the file operation primitive provided by the ROS or notify the maintenance terminals to display the alarms, or send the IP information of the alarms to the specified destination address via the IP route subsystem. It stores the statistics and provides the interface by which the maintenance and management subsystem can query it.

3.22 Maintenance and Management During the running of the routing switch, the user must be able to real-timely monitor its running and that of the whole network, and the user needs to configure the route and the whole network, so an interface must be provided to allow the routing switch and the user to interact. This interface must provide all the necessary functions and are easy to operate. The popular command line interface is used. The command line provides the user mode, privileged mode and configuration mode, and enables the user to configure the route and manage its faults.

The maintenance management subsystem receives the user commands from the TELNET, parses them and checks their validity, and then creates the execution ID based on the parse result, before sending them to the command execution sub-module for execution. During the execution process, it will invoke the services provided by the database module to save the command configuration.



This maintenance and management subsystem is usually composed of the command parse module, command execution module and database.

3.23 SNMP The SNMP subsystem implements the SNMP AGENT function, and supports all the protocol operations of the SNMP agent specified in SNMP V1 /V2c/V3.

The protocol operations of SNMPv1 are:

• get-request

• get-next-request

• get-response

• set-request

• trap

• The protocol operations of SNMPv2 are:

• get-request

• get-next-request

• get-bulk-request response

• set-request

• inform-request

• SNMPv2 -trap

The Management Information Library (MIB) is described by using SMIv1 and SMIv2. The MIB consists of the following parts:

• Management objects supported by the core router

• Management objects of the routing protocol

• Management objects of the network management protocol

• Management objects of the TCP/IP support protocol

• Management objects of the high-speed network interface

• Management objects of important data and configuration parameters



• Management objects compatible with SMIv1

• System configuration parameters

• Other protocol management objects

The related software subsystems are integrated with the related sub-agent functions.



4 System Architecture

4.1 Product Physical Structure Front panels for ZXR10 3952A/3928A/3928A-PS/3928A-FI are shown in the following figure:

Figure 10 ZXR10 3952A front panel

Figure 11 ZXR10 3928A/3928A-PS front panel

Figure 12 ZXR10 3928A-FI front panel

ZXR10 3952A front panel has 48 high-speed Ethernet electrical interfaces and 1 Console interface. ZXR10 3928A/3928A-PS front panel has 24 high-speed Ethernet electrical interfaces and 1 console interface, which has MGT interface inbuilt. Two ports share one RJ45 interface. Console implements local configuration and management of switch. MGT interface is 10/100BASE-TX interface for upgrade and network management. Its features are shown in Table 1. Fast Ethernet port supports 10/100 adapting. Packets received at 100M Ethernet port are transmitted to main control card PHY, MAC and then transmitted to Packet Processor (PP), which makes corresponding forwarding decision based on packet MAC address and IP address. All ports support wire-speed operation. Its features are shown in the following table.



Table 1 Features of front panel of fast Ethernet electrical board of ZXR10 3900A

Port type Description

10Base-T

Conforming to IEEE 802.3 standard RJ45 connector Adopting 3, 4, 5 category UTP (Unshielded Twisted Pair) Maximal transmission distance 185m Half duplex/full duplex MDI/MDIX

100Base-TX

Conforming to IEEE 802.3u RJ45 connector Adopting 5 category UTP (Unshielded Twisted Pair) Maximal transmission distance 100m Half duplex/full duplex MDI/MDIX

There are indicators on front panel of ZXR10 3900A respectively, indicating link state, operation alarm, and power supply. Their functions are shown in the following table.

Table 2 Indicators on panel of ZXR10 3900A

Indicator Description

RUN Flashing, main control card works well Off, main control card has fault

PWR On, main control card has no alarm Off, main control card has alarm

LNK On, the interface has established link Off, the interface has no connection with any other interfaces.

ACT Off, no data receiving and sending at the interface Flashing, there’s data receiving and sending at the interface

4.2 Hardware Architecture This chapter describes the system hardware structure and operating principles of the ZXR10 3900A, covering the overall system structure, power modules, functional block diagrams for boards and their working principles.

4.2.1 System Hardware Structure

The ZXR10 3900A series provides 24/48 FE interfaces and four GE uplink interfaces. They support L2 and L3 functions, with level 1 switching for processing and forwarding 100M and 1000M packets.



Figure 13 Functional Block Diagram for the Hardware of the ZXR10 3900A

At present, the 3900A and are designed with the similar hardware architecture. The ZXR10 3928A/3928A-PS /3928A-FI and 3952A are designed with the 1U cassette structure. The front panel of ZXR10 3928A/3928A-PS/3928A-FI provides 24×100Mbps electrical/optical Ethernet interfaces, 2×1000 Mbps SFP interfaces and the back panel provides one service slot which supports four kinds of interface module, 2×100Mbps SPF interfaces module, one GE electric and one GE SFP interface module, two GE electric interfaces module, two GE fiber interfaces module. The ZXR10 3952A provides 48×100 Mbps electrical Ethernet interfaces, 4×1000 Mbps SFP interfaces on the front panel. By function, these boards can be divided into the switching and control module, power module and interface module. See Figure 16 for the functional block diagram of the system.

4.2.2 Switch and Control Module

In practice, the switching and control module is integrated in the main control board. Figure 17 shows its functional block diagram.



Figure 14 Functional Block Diagram of the Main Control Board

4.2.3 Control Module

The control module is composed of the main processor and some external application chips. It provides external operation interfaces, for example, serial ports and Ethernet ports, by which the system can process all kinds of applications. The main processor is a high-performance CPU processor, which supports up to 512M SDRAM, 32M FLASH and 512K BOOTROM. It performs the following functions:

1 System NM protocol, for example, SNMP

2 Network protocols, for example, OSPF, RIP, and BGP-4

3 Providing the operation and management interfaces for line cards

4 Data operation and maintenance

4.2.4 Switch Module

The switching module is designed with a dedicated Switch chip, which is integrated with multiple 100M and Gigabit bi-directional interfaces, allowing it to process the wire speed switching of multiple ports. The Switch chip provides the following functions:

1 Store and forward switching

2 Supporting 9KB jumbo frames

3 Supporting priority queuing, where frames can be dropped selectively when the CoS queue is in congestion

4 Providing one management and control timer for each port



4.2.5 Power Module

ZXR10 3928A/3928A-PS support AC or DC power supply, ZXR10 3952A/3928A-FI support AC and DC power supply. Two power supply of -48V DC and 220V AC and can adopt 12V external redundant power supply module.

The AC power supply panel for ZXR10 3900A is shown in Figure 18. DC power supply panel is shown in Figure 19. The redundant DC power supply module is shown in the Figure 20.

Figure 15 AC power supply panel for ZXR10 3900A

Figure 16 DC power supply panel for ZXR10 3900A

Figure 17 Redundant DC power Module for ZXR10 3900A

4.2.6 Interface Module

4.2.6.1 2-Port GE Interface Board

Operating Principles

The 2-port GE interface board can provide two GE optical/electrical adaptive interfaces. This board has two Gigabit interfaces. Each port consists of one RJ45 interface and one SFP interface, which support an optical interface and an electrical interface respectively. The optical interface and electrical interface work in adaptive mode. The packets received from the Gigabit ports enter via the PHY the main control board’s PP, which then forwards them to the appropriate destinations based on the MAC addresses and IP



addresses carried. All the ports can operate at wire speed. The functional block diagram for the 2-Port GE interface board is shown in Figure 21.

Figure 18 Functional Block Diagram for the 2-Port GE Interface Board

4.2.6.2 Panel Indicators and Features

The panel of the 2-Port GE interface board is shown in Figure 22.

Figure 19 Panel of the 2-Port GE Optical Interface Board

The optical module used by the 2-port GE interface board is a removable SFP optical module. Any port supports the four distances common for Gigabit Ethernets. The features are shown in Table 3.

Table 3 Features of the 12-Port GE Optical Interface Board


SX (SFP-M500)

LC connector, 50 or 62.5 125mm multi-mode fiber, 850nm wavelength, maximal transmission distance 500m Transmitted power range: -9.5dBm~-4dBm, receiving sensitivity:<-18dBm

LX (SFP-S10K)

LC connector, 8 or 9 125mm single-mode fiber, 1310nm wavelength, maximal transmission distance 10km Transmitted power range: -9.5dBm~-3dBm, receiving sensitivity:<-20dBm




LH (SFP-S40K)

LC connector, 8 or 9 125mm single-mode fiber, 1310nm wavelength, maximal transmission distance 40km Transmitted power range: -4dBm~0dBm, receiving sensitivity:<-22dBm

LH (SFP-S80K)

LC connector, 8 or 9 125mm single-mode fiber, 1550nm wavelength, maximal transmission distance 80km Transmitted power range: 0dBm~5dBm, receiving sensitivity:<-22dBm

10/100/1000BASE-TX

RJ45 connector, using Unshielded Twisted Pair (UTP) Category 5 maximal transmission distance 100m Half duplex/full duplex, MDI/MDIX

The 2-port GE interface board has four indicators on its panel. Each user interface corresponds to two indicators. Their functions are shown in Table 4.

Table 4 Functions of the Indicators on the Panel of the 2-Port GE Interface Board

Indicator Description

LINK On: The interface has a link established Off: The interface has not any connection with other interfaces

ACT Off: The interface is not receiving/sending any data Flashing: The interface is receiving/sending data

4.2.6.3 2-Port GE SFP

FGFI subcard provides 2 GE SFP uplink interface. The type is SF-2800-2GE-2SFP which shown in the following figure.

Figure 20 Fig 1 2-port GE Optical Interface Card Panel

The interface board has 2 indicators ACT1 and ACT2 on its panel.


4.2.6.4 1-port GE SFP+1 Port GE Electrical FGFE sub-card provides 1 GE SFP and 1 GE electrical uplink interface. The type is 2800-2GE-SFPRJ45 which shown in the following figure.



Figure 21 1-port GE optical + 1 port GE Electrical Interface Card.

There are 3 indicators on the panel. The optical interface board has 1 indicators ACT.


Each user interface corresponds to two indicators. The electrical interface board has 2 indicators. Indicator Description

LINK On: The interface has a link established Off: The interface has not any connection with other interfaces

4.2.6.5 2 Port 100M SFP

FBFE sub-card provides 2 FE SFP uplink interface. The type is RS-2800-2FE-2SFP which shown in the following figure.

Figure 22 2-Port 100M SFP Interface

4.3 Software Architecture

4.3.1 Overview

The ZXR10 3900A series products are multi-layer switches with L2 switching and L3 routing capabilities and support for multiple functions, providing L2/3 wire speed switching and routing and QoS assurance. The system software performs management, control, and data forwarding. Its basic operations include system start, configuration management, running of protocols, maintenance of tables, setting switch chips, and status control, as well as software forwarding of some special packets. The system software must implement the following functions:

• Implementing major L2 protocol functions, including 802.1D STP protocol, 802.1P priority control, related functions of 802.1Q VLAN, and 802.3ad link aggregation

• Supporting Ipv4 protocol stacks and basic routing protocols



• Implementing multi-layer services such as ACL and DHCP

• Implementing some broadband access functions

• Implementing network management protocol SNMPv3 and Agent

• Allowing users to perform network management via the serial terminal, Telnet, or SNMP Manager, including network configuration management, fault management, performance management and security management.

• Smooth upgrade of the software version, and on-line upgrade of the active/standby protocol processing cards and switching network cards.

• Network security function

Based on the system functions mentioned above, the system software could be divided into five subsystems.

• Operation support subsystem, including software modules such as BSP, ROS, SSP, and VxWorks kernel

• MUX subsystem, including the data distribution module, statistics and monitoring module, and driving and encapsulation module. The data distribution module distributes data packets to the driver and upper-layer software. The statistics and monitoring module measures data, forwards information, and monitors the software table.

• L2 subsystem, including processing STP protocol, LACP protocol, IGMP SNOOPING protocol, MAC address management, VLAN management and L2 data forwarding

• L3 subsystem, which implements basic protocols of TCP/IP, such as IP, ARP, ICMP, TCP, and UDP, and application protocols such as FTP and Telnet, and implements unicast and multicast routing protocols, performing L3 data forwarding.

• NM and operation & maintenance subsystem, which implements the Agent function of the SNMP network management, supports command line management, provides operation & maintenance interfaces, and provides MIB information.

4.3.1.1 Operation Support Subsystem

The operation support subsystem drives and encapsulates the bottom-layer hardware, providing support for other software systems on the upper layer. This subsystem provides support for the running of the hardware, allocating resources for the hardware, and provides the hardware-related interfaces for the upper-layer software. The operation support subsystem relies on the RoS platform of the ZXR10, and it is composed of system support, system control, version load control, BSP, and SSP. It can be further divided into the operating system kernel, process scheduling, process communication,



timer management, and memory management modules. The functional block diagram for the operation support subsystem is shown in Figure 26.

Figure 23 Functional Block Diagram for the Operation Support Subsystem

4.3.1.2 MUX Subsystem

The MUX subsystem exchanges information with the driver and the upper-layer software, and measures and monitors the software table of the switch chip. The MUX subsystem mainly performs data distribution and measurement and monitoring. After the MUX layer receives the data packets from the driving module, it forwards the packets by type according to the ETHER TYPES fields in the MAC frames. The data distribution of the MUX also includes the encapsulation of the data sending function of the driver, to provide the modules on the upper layer with a new data sending function for invocation. When the modules on the upper layer have data packets or protocol packets to send, they can invoke the data sending function provided by the MUX. The measurement and monitoring function measures the status of the driver layer, physical layer and MUX layer, measures the packets received/sent, monitors the access to the register, and performs the sniff operations to the data packets, providing the OAM module with the interface function.

4.3.1.3 L2 Subsystem

The L2 subsystem performs configuration management (management layer) on the data link layer, protocol processing on L2 (control layer), and data forwarding (data layer or service layer). The function modules are illustrated in the following diagram.

ZTE Con

4.3.1.4

nfidential Prop

Figure 2

L3 Su

By sofforwardforwardprotocoprovidinetworapplicaICMP, generaOSPF,MBGPThe IPthe forindexelayer icreated

prietary

24 Functiona

bsystem

ftware layer,ding layer. Wding supportols. The suing servicesrk managemation entities

IGMP, TCPate dynamic , and BGP,

P, and they pP forwarding rwarding tabes, and data nputs forwad by the swit

© 2010

al Block Diagra

, the L3 subWhere, the st subsystem.pport protoc

s to the dynent and syst

s on the whoP, UDP and

routes, andand multica

provide relateand supportle and the reinteraction brds and outtch chip acco

ZTE Corporat

am of the L2 S

bsystem conservice cont The TCP/IP

cols are thenamic routintem monitoriole router sy Telnet prot

d they consist routing pred upper-layet subsystem elated strate

between the puts the datording to the

ZXR10

tion. All rights

Subsystem

nsists of thetrol layer is P consists of e basic protog protocols,ng. As the seystem, supptocol entitiesst of unicasrotocols sucher protocols is responsib

egies, and esCPU and swta of the strIP service c

0 3900A 3200

reserved.

e service cocomposed othe support

ocols in the, while actinervice providort protocolss. Routing pst routing proh as IGMP, such as LDP

ble for deletiostablishment

witch chip. Thrategies, rulecontrol layer.

0A Product D

4

ntrol layer aof the TCP/Iprotocols an

e Ipv4 protocng as the eder for the ups consist of protocols areotocols suchPIM-SM, M

P, VRRP, anon and modift and maintehe IP data foes and routin

Description

41

and data-P and IP

nd routing col suite,

entities of pper-layer IP, ARP,

e used to h as RIP, SDP and

nd RSVP. fication of enance of orwarding ng tables



Figure 25 Functional Block Diagram of the L3 Subsystem

4.3.1.5 NM and Operation & Maintenance Subsystem

The foreground NM and Operation & Maintenance subsystem uses TCP/IP to implement the agent of the SNMP NM, and meets the management requirements by using the execution entities of the managed entities on the bottom layer. The background NM communicates with the foreground NM via the network to manage the foreground system. In this way, the management network is isolated from the transmission network.

4.3.2 Descriptions of Layers

4.3.2.1 Data Link Layer Protocol Software

The Ethernet ports support Ethernet-II, IEEE802.2, IEEE802.3, and IEEE802.1Q

4.3.2.2 Network Layer Protocol Software

For network layer protocols, only the IP protocol is supported. L3 protocols such as IPX and AppleTalk are not supported

4.3.2.3 Upper Layer Protocol Software

From the perspective of the function, this software, as the protocol above L3,

• Supports the support protocols such as TCP and UDP

• Supports unicast routing protocols such as RIPv1/v2, OSPF, IS-IS, and BGP.



• Supports multicast routing protocols such as IGMP, DVMRP, PIM-SM and PIM-DM, and MSDP

• Supports application protocols such as TELNET, FTP, and TFTP

4.3.3 Function Module

To better show the layer protocols described above, the software is divided into multiple functional modules, as shown in Figure 29.

Figure 26 Functional Modules of the Software the ZXR10 3900A

4.3.3.1 Real-time Operating System (ROS)

As the core of the software system of the switch, the ROS is a single-processor, multi-task real-time operating system. It manages the whole hardware architecture of the switch on the bottom layer while provides an integrated operation platform for the applications on the upper layers.

Design Requirements

The ROS meets the following requirements in its design:



• High reliability: Meeting the requirement for long-time stable running of the Internet backbone network

• Real-time ability: Meeting the requirement in time for data synchronization between the large-scale dynamic routing protocols, NM protocols, and multiple processors

• Self-healing: Capable of detecting, handling and recording the faults in the whole system, and performing error recovery and equipment changeover in the event of faults

• Maintainability: Capable of tracing and recording the utilization and scheduling of the core resources and the system services

• Simplicity: Providing necessary system services to application programs only, while shielding unnecessary system services

• Encapsulation: Capable of completely shielding hardware features, to make the application layer independent of the hardware. Completely encapsulating the core resources and system services of the third-party real-time operating system (VxWorks), and providing the applications of the processors with a unified while portable software platform

General Design

Based on the VxWorks kernel, the software is designed to implement process scheduling, process synchronization, memory management, and timing management based on a single processor, while providing the core functions such as the communication between the multiple processes of one CPU and that between those of multiple CPUs, to provide the upper layer with stable, efficient and reliable system services.

Process Management

The process management sub-module provides the creation, scheduling, and inter-process synchronization of user processes by using the task management interface offered by the VxWorks kernel. As this system has a small number of user processes, the kernel is used to perform task-level encapsulation of all the user processes, and to implement creation, synchronization and scheduling of user processes. Dynamic creation of user processes is not supported, and private processes not registered in this module cannot use the timer management of this module and the communication module. Instead, they are scheduled directly by the Kennel, and the communications of the processes are managed by themselves via the message mechanism of the kernel.

Based on the location of the destination process, process communication may be the communication between the processes of one CPU or that between those of different CPUs. Process communication is performed by using the message mechanism provided by the kernel. The process communication between different CPUs is performed via 100M Ethernet interfaces between the boards. Inter-board communication is based on TCP connections. Process communication implements priority-based message communication. This module provides four priorities, the message processing of which is performed by using the existing algorithms of the ROS (one message queue is divided into four even parts, and messages of different priorities are accepted and rejected



based on the depth of the message queues dynamically monitored). They are not modified into multiple priority queues, but are implemented by using different algorithms (for example, decision priority, weighted priority, etc.).

The process communication sub-module can implement process communication, both intra-processor and inter-process, through synchronization messages. Two suspension mechanisms are provided for the sending of messages: Timeout suspension and no suspension.

Timer and Clock Management

Every process can be set with multiple timers for triggering timing service and timeout processing. There are relative timers and absolute timers. Relative timers include single-time and cycle timers according to the times of activation. Depending on whether the period of the timer is configurable, there are named timers and nameless timers. A named timer is a timer whose period can be modified on line by using the configuration program of the OAM. In addition, ROS also supports timers with random ∆ delay.

Timers are handled in a way that they are appended to the queue when they expire. The timing period actually used is divided into segments, and the timer control module describes the appropriate queue indexes. Therefore, the inserted delay is basically constant, and it is not necessary to find the insertion position in the timer queue every time when a new timer is set, since it can be simply appended to the tail of the queue. However, 999.9S and absolute timers are still managed in the old way that is based on a single queue.

Memory Management

The buffer area is an important resource of the system. To efficiently use the limited memory resource and minimize memory fragments, the needs of the application for the buffer area are handed differently in the design of the module. When the needed buffer area is greater than 8192 minus the memory block of the description header information of the buffer area, one buffer area will be obtained from buffer areas of 64, 128, 256, 512, 1024, 2048, 4096, and 8192 specified by the ROS. Other needs for large memory obtain the buffer areas by using the pile management module of the ROS. The buffer areas of each size are managed in a queue, with the function interface for request and return provided. The buffer area queue is a simple cycle queue. At request, one idle block is taken from the head of the queue, and at return, the block is returned to the tail of the same queue. Since every task of the system will request and return the buffer area queue, mutual exclusion control must be enforced. Every buffer area has a buffer area control block (MCB), which records the queue of that buffer area and its occupation flag. At the request for a pointer and return of a pointer, the MCB prevents invalid memory from being returned to the queue. The MCB will check the simple memory access out-of-bound errors and perform appropriate processing by invoking the specified hook program. In the debug version, the boards with the hardware MMU can have memory transgressing monitored by the MMU.

In the module, the management of the files is only to perform simple encapsulation of the memory management allocation function of the VxWorks. The space of a pile is determined at running. The space from the high-end of the physical memory to the highest end occupied by the system with the specified memory block space excluded is created as a separate MEM area of the VxWorks, for pile management. Similarly, memory allocation and release of the pile are subjected to measurement and memory out-of-bound check.

System Control



The functions of the system control module are:

1. Starts the processes in the specified order

2. Maintains the rack diagram, which collects and upgrades the running status information of the rack of the switch during its running, including port information, takes appropriate actions when the port is Up/Down.

3. Starts the dotting timer after receiving the message from the system process management module. After the system control process receives the message from the dotting timer, it dots on the interface, and stops dotting after the synchronization is ended, and displays the welcome information.

4. Starts multiple timers of different periods to perform the following functions:

Process monitoring: The system control process starts the timer to monitor the status of all the processes at regular intervals. When any process is suspended, the system in the Debug version will print the prompt message, while the system in the Release version will reset the board.

Clearing the Watchdog: The Watchdog is added to avoid the faults that may occur during the running of the board. The software can set the WDG_TIME. If the watchdog is not cleared in this period, the watchdog will reset the equipment. The watchdog is cleared by the system control process. If the system control process fails to clear the watchdog within WDG_TIME due to reasons such as suspended, the equipment will be reset.

System running indicator/panel indicator control: The system running indicator indicates the current running status of the system, and the panel indicator indicates the running status of the boards. The system control process invokes the panel indicator driver function provided by the BSP to regularly turn on and off the running indicator and other alarm control and port status indicators.

Providing statistics: It is to provide statistics of the resources and the running of the processes in the system. The statistics covers the size of the memory, memory utilization, CPU utilization, system running time, and the processes encapsulated by the ROS. The parameters about the processes include stack size, scheduling times, CPU utilization time, seizure times, and the information about the process synchronous/asynchronous message queues.

Version File Load

First, the version files are obtained from the specified FTP server from the network and then stored in the FLASH. The local file system is a DOS file system. After the version is running normally, the compressed version file is decompressed, and then stored in the RADDISK. Version upgrade is simple, since remote version upgrade is allowed.

4.3.3.2 SSP Switching Subsystem

The objects of the SSP switching subsystem are the Ethernet switching chip in the system. Its major functions are to initialize the hardware, collect the configuration, status and statistics, and exchange packets between the CPU and the switch chip. The functions it performs roughly fall into the following parts:



• Bottom-layer I/O operation, including reading/writing the register directly/indirectly, and reading and writing the memory

• Initialization

• DMA operation, and packets exchange between the CPU and the switch chip

• Port operations, including port configuration, port mirroring, port TRUNK, port rate shaping, BC/MC/DLF rate limiting, and port blocking

• VLAN operation, including addition, deletion, and upgrade of the VLAN

• L2 MAC table operation, including addition, deletion and aging of MAC tables

• L3 route operation, including setting and deletion of the accurate match forwarding table. addition and deletion of maximum prefix match table

• ACL configuration, working together to implement some QoS

• COS, and DSCP, working together to implement some QoS

• Spanning tree Configuration

• LED operation

• MIB statistics

4.3.3.3 The forwarding core of the Ethernet routing switch is the ASIC chip. For the ZXR10 3900A, the L2/3 services, ACL and QoS are performed by this ASIC chip with the correct setting by the SSP subsystem. The SSP ensures that the system data are forwarded reasonably and correctly by properly setting the hardware attributes of the Ethernet chip, which is the key of the system software of the ZXR10 3900A.

4.3.3.4 Software Forwarding Support Subsystem

As a conversion bridge, the software forwarding support subsystem converts the forwarding tables, rule tables and strategy tables generated by the protocols as needed by the SSP, and add, deletes or upgrades these tables. It also needs to process the data that the Ethernet packet processor cannot process, for example, IP packets and IP header error with options. In multicast forwarding, the IP forwarding support module collects the multicast forwarding data, and provides them to the multicast routing protocol for processing.

In the broadband access application, the software forwarding support subsystem performs user authentication, detection, management and charging, and at the same time maintains the user access control information of the Ethernet ASIC chip.



4.3.3.5 Layer 2 Management and Protocol Subsystem

MAC Address Management Module

Basic VLAN Module

QinQ Module

PVLAN Module

VLAN Translation Modulation

Super VLAN Module

Spanning Tree Protocol (STP) Functional Module

Link Aggregation Module

Port Mirroring Module

IGMP Snooping Module

802.1X Module

4.3.3.6 IP Support Protocol Subsystem

IP supporting protocol sub-system

IP protocol processing involves:

IP basic protocol module: mainly IP/ICMP/ARP and routing management

TCP processing module

UDP processing module

4.3.3.7 Unicast Route Subsystem

This subsystem is composed of the following modules, as shown in the following figure.

Figure 27 Functional Block Diagram of the Unicast Routing Protocol Subsystem

Including:



• RIP

• OSPF

• IS-IS

• BGP

4.3.3.8 Multicast Route Subsystem

The IP multicast routing technology enables effective point-to-multipoint data transfer over the IP network. IP multicast can effectively economize network bandwidth, and reduce network load, so the IP multicast routing technology has found wide application in many aspects such as resource discovery, multimedia conference, data copying, real-time data transmission, game and emulation. Multicast routing protocols can be classified into intra-domain protocols and inter-domain protocols. Inter-domain protocols include MBGP and MSDP, while intra-domain protocols include PIM-SM, PIM-DM, and DVMRP. Intra-domain protocols can be divided into two categories. One is coarse multicast routing protocol, including PIM-SM. The other is dense multicast routing protocol, including PIM-DM and DVMRP. At present, PIM-SM is the most practical multicast protocol.

4.3.3.9 Application Subsystem

The application subsystem corresponds to the three upper layers of the OSI reference model. The applications are FTP, TFTP and TELNET, DHCP and NAT. The application layer corresponds to the lower four layers. But in fact, they both serve other software subsystems. The FTP and TFTP serve the file system of the router, and it can receive the command applications copied by the related files of the Operation & Maintenance subsystem. Both the FTP and TFTP must implement the server/client function. The server can receive the connections from other clients and instructions and perform file transfer. The client function allows the router system to communicate with the hosts (routers) with the server function, for performing such tasks as version of file transfer.

The TELNET provides services for the Operation & Maintenance subsystem, to allow the maintenance personnel of the router to manage the router via TELNET. Both TELNET and FTP use the primitive provided by the bottom-layer TCP to receive and transmit packets. The TFTP uses the primitive provided by the bottom-layer UDP to receive and transmit packets.

4.3.3.10 Security Subsystem

For protection from virus on the network, the ideal conditions would be that user-level virus detection can be provided, so it is expected that the user can install patches and anti-virus software. However, in many cases, users cannot accomplish this task, so the switch must provide network-level virus detection and alarming.

In addition, the switch must enhance its protection against the attack from malicious users, to avoid breakdown of the switch and the network at large. The ZXR10 3900A implements network-based security protection. In our system, the security detection function is distributed among the modules, instead of providing a dedicated IDS module.



In the ZXR10 3900A, the security subsystem performs the following functions:

• Detects the viruses that can cause soaring network traffic such as “SQL worm”, “code red” and “Blast”, and produces the appropriate alarm or shuts down the user port

• Prevents ARP fraud of users

• Provides flood protection for MAC addresses and limits the number of MAC addresses of the ports

• Sets the broadcast packet threshold of the ports

• Mixed ACL filtering of L2, L3, and L4

• Route filtering

• Disables the ICMP redirection function and prevents the attackers from sending false ICMP packets

• Prevents DoS attack

4.3.3.11 Maintenance and Management Subsystem

During the running of the routing switch, the user must be able to real-timely monitor its running and that of the whole network, and the user needs to configure the route and the whole network, so an interface must be provided to allow the routing switch and the user to interact. This interface must provide all the necessary functions and are easy to operate. The popular command line interface is used. The command line provides the user mode, privileged mode and configuration mode, and enables the user to configure the route and manage its faults.

The maintenance management subsystem receives the user commands from the TELNET, parses them and checks their validity, and then creates the execution ID based on the parse result, before sending them to the command execution sub-module for execution. During the execution process, it will invoke the services provided by the database module to save the command configuration.

This maintenance and management subsystem is usually composed of the command parse module, command execution module and database.

4.3.3.12 Monitoring Subsystem

In the ZXR10 3900A system, the monitoring subsystem monitors the status of the boards and ports on line. According to the loop detection function provided by each board chip, the on-line monitor of the board includes:

• Self-loop monitoring of the internal data bus: Used to detect whether the connection of the internal data bus connection is normal



• Intra-chip self-loop: Used to detect whether the major chips on the board are working normally

• Line self-loop: Used to detect whether the data transmission on the line side is normal



5 Operation and Maintenance

5.1 Physical Indexes

Table 5 Physical Indexes

Physical parameters 3928A/3928A-PS 3928A-FI 3952A

Size 43.6×442×280 43.6×442×280 43.6×442×360

Maximal weight of the whole set

<6kg 3928A-PS<7kg

<6kg <6kg

Color See the picture in the appearance section

See the picture in the appearance section

See the picture in the appearance section

5.2 Capacity

Table 6 Capacity

Physical parameters 3928A//3928A-PS 3928A-FI 3952A

Switching capacity 18.8G 18.8G 29.6G

VLAN 4K 4K 4K MSTP instances 16 16 16

Trunks 32 groups with 8 ports per group

32 groups with 8 ports per group

32 groups with 8 ports per group

ACL entries 2K 2K 2K QOS queues 8/port 8/port 8/port Port rate limit granularity 64k 64k 64k

Multicast groups 1k(Layer 2) / 256(Layer 3)

1k(Layer 2) / 256(Layer 3)

1k(Layer 2) / 256(Layer 3)

Routing table capacity

Subnet route: 8K Host Route: 4K



Dot1x user 2k 2k 2k



5.3 Power

Table 7 Power

Physical parameters 3928A/3928A-PS 3928A-FI 3952A

Maximal power consumption

30w 3928A-PS<750W

30w 30w

Power supply AC/DC AC/DC AC/DC

Power supply range for accessed power supply change permitted

DC: 40~57V

AC: 100~240(±10%)

DC: 40~57V

AC: 100~240(±10%)

DC: 40~57V

AC: 100~240(±10%)

maximal peak voltage pulse <300V <300V <300V

Whether anti-power burst component is equipped yes yes yes

5.4 Working Environment

Table 8 Working Environment

Physical parameters 3928A 3928A-FI 3952A Work environment temperature -5℃~45℃ -5℃~45℃ -5°C~45°C

Storage environment temperature -40℃~70℃ -40℃~70℃ -40℃~70℃

Relative work humidity

5%~95%, non-condensing



Anti-earthquake Richter 7 Richter 7 Richter 7

5.5 Reliability

Table 9 Reliability

Physical parameters 3928A 3928A-FI 3952A

Reliability MTBF: >50,000 hours, MTTR: <30 minutes



6 Typical Networking (Optional) Networking Applications of Access layer in MAN:

ZXR10 39A series switches are safe and intelligent ones suitable for MAN access layer application. They could work as campus switch, and the access layer connects users via 39Aswitch, which provides rich bandwidth and access management features. Its application is shown in Figure 31.

Figure 28 MAN networking application



7 Acronyms and Abbreviations

Table 10 Acronyms and Abbreviations

Abbreviation Full form ABR Area Border Router ARP Address Resolution Protocol AS Autonomous System ASBR Autonomous System Border Router ASN Abstract Syntax Notation ATM Asynchronous Transfer mode BIC Bridge interface & Alarm monitor card BFEIE Fast Ethernet Interface- Electric for BRAS BFEIO Fast Ethernet Interface-Optical for BRAS BGEI Gigabit Ethernet Interface for BRAS BGP Border Gateway Protocol BNPC Network Processing Card for BRAS BSFC Switch Fabric Card for BRAS BTSR Back plane for Terabit Switch Router BUPC Ultra Protocol processor control card for BRAS CHAP Challenge Handshake Authentication Protocol CIDR Classless Inter-Domain Routing COS Class of Service CRC Cyclic Redundancy Check abbreviation English full name CSN Cryptographic Sequence Number DDN Digit Data Network DNS Domain Name System EBGP External Border Gateway Protocol EGP Exterior Gateway Protocol FDDI Fiber Distributed Data Interface FEI Fast Ethernet Interface FEIOE Fast Ethernet Interface-Optical/Electric FIFO First In and First Out FPGA Domain Programmable Gate Array FTP File Transfer Protocol FTP6 File Transfer Protocol Version 6 GEI Gigabit Ethernet Interface



Abbreviation Full form HDLC High-Level Data Link Control ICMP Internet Control Message Protocol ICMP6 Internet Control Message Protocol 6 IETF Internet Engineering Task Force IGMP Internet Group Management Protocol IGP Interior Gateway Protocol IP Internet Protocol IS-IS Intermediate System -to- Intermediate System abbreviation English full name LAN Local Area Network LSA Link State Advertisement MAC Media Access Control MD5 Message Digest 5 MIB Management Information Base MPLS Multi-Protocol Label Switch MTU Maximum Transmission Unit NIC Network Information Center NLRI Network Layer Reachable Information NMS Network Management System OID Object ID OSI Open Systems Interconnection OSPF Open Shortest Path First PAP Password Authentication Protocol PCB Process Control Block POS Packet over SDH PPP Point-to-Point Protocol PRT Process Registry Table QOS Quality of Service RFC Request For Comments RARP Reverse Address Resolution Protocol RIP Routing Information Protocol RLE Route lookup engine abbreviation English full name RMON Remote Monitoring SDH Synchronous Digital Hierarchy SMTP Simple Mail Transfer Protocol SNMP Simple Network Management Protocol TCP Transmission Control Protocol TFTP Trivial File Transfer Protocol



Abbreviation Full form TOS Type Of Service TELNET Telecommunication Network Protocol TTL Time-To-Live UDP User Datagram Protocol VLSM Variable Length Subnet Mask VPLS Virtual Private LAN Service VPN Virtual Private Network VPWS Virtual Private Wire Service WAN Wide Area Network WWW World Wide Web

zxr10 3900a product description - liberty · pdf filezte confidential proprietary © 2010...

Documents