Enabling the Network to Be More Agile for Services
HUAWEI S12700 Series Agile Switches
Tech-Level Main Slides

Contents
1 Future Requirements
2 S12700 Agile Switch Introduction
3 Success Stories
4 Third Parties' View on Agile Switch

Traditional Networks Cannot Support Fast Service Development

Fast service development, slow network upgrade
• Service provisioning time is reduced from months to days.
• At least 1 year is required for hardware device development, and 3 years for chip development.
[Figure: maturity and commercial value over time (N months, 1 year, N years) for service, feature and product, and chip.]

Lack of differentiated services
• Packet loss ratio must be lower than 10^-6 for video services and lower than 10^-2 for voice services.
• Multimedia services generate 3 to 5 times more traffic than other services.

New services pose new requirements
• Resource cloud requires high reliability, high bandwidth, and smooth experience.
• Mobile applications introduce security risks, unpredictable traffic, difficult rights control, and inconsistent experience.

Service provisioning is much faster than hardware development. Network is restricting services.

Unsatisfactory Service Experience on Traditional Networks
[Figure: video conference, desktop cloud, voice, and other services, labelled with poor image quality, slow response, delayed and unclear voice, and packet loss and delay.]

No effective measures to improve service experience
• Packet loss, delay, and jitter degrade service experience.
• It is difficult to locate and fix intermittent service faults when network configurations are complex.
• Traditional network quality measurement technologies (like NQA) cannot reflect actual network quality.

Inefficient Service Deployment

Current network situations
• Static network, manually configured
• A large number of access devices, huge configuration workload
• Separate management of wired and wireless devices
[Figure: policy, AP 1, AP 2, and User A moving.]
How can security and access policies adapt to changing user locations?
Unable to adapt to changing services

Agile Switch Enables Networks to Be More Agile for Services …

Agile service
• Various service features: native AC, wired and wireless convergence; unified user management
• Fast service deployment: full programmability for service innovation

Agile management
• Simple O&M: SVF, uniform access device deployment
• Accurate quality management: iPCA, zero-error in-line monitoring

Agile evolution
• Fully programmable architecture: enables networks to be more agile for services
• SDN: ultra-large hardware tables, dual planes, supporting evolution over the next 10 years

Contents
2 S12700 Agile Switch Overview
ENP: Start Now, Change the Future
Agile Service: Refined Service, Unified Experience
Agile Management: Unified Management, Accurate Troubleshooting
Agile Evolution: Change On Demand, 10-Year Scalability
Agile Value-Added Services: IPS, FW, ADC, NetStream
E2E Reliability: Hardware CSS2 and E2E Detection
Product Selection: Powerful Performance, Leading Specifications

Switches Need an Agile Chip

Swap line cards for different services
• ASIC chip: limited services
• ASIC switch: new application = new hardware, long delay
• ASIC switch: upgrade, expansion = changes in physical and logical networking
[Figure: customer and supplier swap cards. VPN: MPLS card (ready); video: large-buffer card (just launched); Big Data: Big Data processing card (new).]

Agile chip for on-demand services
• ENP chip: mass services, programmability
• Agile switch: new application = fast customization
• Agile switch: upgrade, expansion = unified management without replacing hardware
※ENP: Ethernet Network Processor

15 Years of IP Chip Research, Dedicated to ENP

Huawei's 20+ years of chip design history
[Figure: chip design ability over time. Years marked: 1991, 1993, 1998, 2001, 2002, 2004, 2006, 2007, 2008, 2010, 2012, 2013. Gate counts and process nodes: 8,000 gates 0.8 um; 100k gates 0.35 um; 2M gates 0.18 um; 3.5M gates 0.18 um; 40M gates 0.13 um; 50M gates 90 nm; 80M gates 65 nm; 150M gates 45/40 nm; 500M gates 32/28 nm. Milestones: ASIC R&D center founded; first digital chip; first digital-analog chip; first SOC chip; first COT chip; step in end-customer market; high-end chip in full swing; wireless terminal and digital media chip; chip in LTE fields; smart terminal 4-core chip; ENP.]

Top experts, world's first ENP chip
• Paul Nadj, NPU Chief Architect: 17 years' chip experience; IDT algorithm architect; Silicon Access Technology creator
• Bill Lynch, CTO, ENP Chief Architect: 22 years' chip experience; Procket founder & CTO; UltraSPARC Chief Architect (http://www.linkedin.com/pub/bill-lynch/9/823/9b7)
• Du Wenhua, Switching Network Chief Architect: 16 years' chip experience; focused on switching network, traffic policy; Huawei NE40E Chief Architect
• 20+ top chip experts
• 500+ excellent chip engineers
• Cooperation

World's First Ethernet Network Processor

Huawei-designed, innovative processor
[Table: ASIC, ENP, and CPU chips compared on programmability, openness, performance, cost, integration, and interface. Values as extracted: ASIC Low, Low; then High, Low, High, High, High, High, Low (Huawei-developed).]
• ENP dedicated for switches
• Fast app deployment
• Experience guarantee
• Lower CAPEX
• Energy-saving, cost-effective
[Figure: ENP block diagram, Huawei-invented, System-on-a-Chip (SOC)-based. Blocks: DataPath, NPU groups, hardware accelerator, search engine, traffic manager, MAC, packet memory, table memory, instruction memory, instruction set, external storage, external DRAM.]
• Hardware accelerator: integrates instructions and improves forwarding performance on Ethernet networks.
• Smart memory: integrates key entry resources into the chip to improve lookup efficiency.
• SOC structure: integrates TM+MAC entries into the ENP to reduce chip power consumption.
Advantages of Agile ENP

Agile Chip, More Potential / Customers' service concerns
• Full programmability: customized services. Wireless application, Protocol Oblivious Forwarding (POF)…
• High performance: hardware acceleration. Efficient forwarding, high processing performance…
• Convergence and convenience: BYOD, SDN…
• High-efficiency: Hybrid OpenFlow…
• Low power consumption: intelligent power adjustment. Real-time detection, intelligent control…
• Green: Energy-saving…
• Large entries: inherent specifications. Large buffer, service detection…
• Detection and experience: Interactive video, fine-grained management…

User- and Service-Centric Network, Simplified Management
[Figure: a network with wired & wireless networks, diversified terminals, heavy wireless traffic, accounting, and mobile users, with these choices:]
• Unified wired and wireless management, or separate wired and wireless management
• Unified authentication and management, or separated authentication and management
• Native T-bit AC, or independent G-bit AC
• Dynamic user-based policy delivery, or static policy configuration
• Unified user management, or expensive billing gateway

• Native T-bit AC, unified network management
• Unified user management, unified user experience
• Fine-grained user and service management

Unified User Management, First Switch with Professional User Management

User and Service Management
• Unified user management
• Unified wired and wireless user authentication
• Accurate user and service management

Agile Switch compared with traditional switch
• Users: 64K on the Agile Switch, 8K on a traditional switch (8x)
• Bandwidth: 1 kbps on the Agile Switch, 8 kbps on a traditional switch (8x)
• Flow queues: 64K on the Agile Switch, 374 on a traditional switch (174x)

Benefits
• Unified wired and wireless security
• Manage terminals of various types
• BRAS technical expertise
• HQoS, rights control, fine-grained service management
• Destination Address Accounting (DAA), differentiated accounting
[Figure labels: 802.1X, Portal, MAC, ACL, DAA, Security, H-QoS; Port, Class, User, Service.]

Centralized Authentication, Unified User Management

Scattered authentication points, difficult to manage
• 802.1x authentication is widely used on campus networks. Authentication packets cannot reach L3 network, so authentication points are distributed on L3 gateways.
• Wireless users are authenticated by ACs and managed separately from wired users.
• Separate admission and Internet access authentication points make management complex.

Unified user management, consistent experience
• Unified policies are enforced on 802.1x and Portal authentication users. Core devices act as authentication points (including 802.1x) to simplify configuration and management.
• Native AC centrally manages wired and wireless users.
• Integrated admission and Internet access authentication points avoid authenticating twice.
[Figure: Policy Center; core layer with two core nodes in a CSS2 cluster, with user management and AC functions, as the unified authentication point; aggregation layer with stacks of aggregation switches as the border between L2 and L3 (L3 routing above, L2 switching below); access layer with wired, hybrid, and wireless access.]
Advanced H-QoS, Fine-grained User/Service Management

Traditional QoS
• Per port bandwidth control: service traffic is differentiated based on classes of service but not users
• Unable to manage and schedule multiple services of multiple users
[Figure: class queue (voice, data, video… for all users) and port queue.]

H-QoS
• Hierarchical per-user-per-service scheduling, quality guarantee for VIP users and high-priority services
• High performance, 64K queues
[Figure: H-QoS schedule. Flow queue: voice, data, video… (single user); user queue: common user, VIP…; physical port… Levels: Port, Class, User, Service.]

Unified User Management, Professional Accounting

Authentication and accounting process
① Request for Internet access
② Gateway sends user information to AAA servers
③ AAA servers decide whether to permit access to the Internet
④ AAA servers send authentication success and accounting-start messages
⑤ Receive authentication success message. Permit user access.
[Figure: User A and User B on the campus, S12700 (gateway), AAA servers.]

Flexible accounting (accounting method): by time, monthly payment, by traffic, DAA

Destination Address Accounting (DAA)
• Differentiated accounting policies: separate accounting for internal and external traffic
• Flexible bandwidth control: different destination IP addresses, different bandwidth
• Priority-based scheduling: different destination IP addresses, different service priorities

World's First Native AC

Native AC, one-stop deployment (Agile Switch) compared with traditional AC, independent deployment
• Switching capacity: 1 Tbps with native T-bit AC, 10 Gbps with traditional AC (100X)
• APs: 4K with native T-bit AC, 1K with traditional AC (4X)
• Users: 64K with native T-bit AC, 10K with traditional AC (6X)
[Figure: traditional AC as a bottleneck between wired and wireless networks; native AC as all-in-one with unified forwarding of wired and wireless traffic.]

Benefits
• No additional AC, saving slots and reducing TCO
• No performance bottleneck

Flexible Value-added Service Deployed by MSV

Traditional deployment
• Scattered configuration: Adding or removing devices results in re-planning and network interruption.
• Complex configuration, low reliability: You must analyze traffic forwarding paths and configure interfaces/links. No mechanism to quickly respond to link failures.

Multi-service Virtualization (MSV)
• Uniform deployment, convenient maintenance: Value-added services are deployed in MSV zone.
• Simple configuration: MSV configuration is completed on Controller, reducing configuration workload.
[Figure labels: NMS, Controller, campus egress, firewall, MSV zone, data center, service chain nodes, online behavior management (ASG), antivirus expert (AVE), guest zone, Dept A, Dept B, internal public, service chain.]

SVF, Simplest Converged Network Solution

Super Virtual Fabric (SVF)
[Figure: typical tree architecture (core, aggregation, access, AC bypass) compared with the converged architecture (transverse CSS on core/aggregation layers, CSS2, AC). Labels: virtual MPU (MPU1, MPU2, MPU3, MPU4), virtual LPU, T-bit, virtual ports 1, 2 … M and 1, 2 … N, access switches as virtual, APs as virtual ports, virtual equipment on the cards, massive access switches, AP, terminals.]

Professional Capabilities
• 1+N MPU backup in a cluster: The system works as long as one MPU runs normally.
• The industry's first 2-layer AS architecture.
• Device reuse: Original access/core device can be used through software upgrades.
• Manages 64 ASs and 2K APs. The only vendor that supports centralized management of APs.
• The only vendor that allows third-party devices between SVF parent and clients.
• Cloud architecture, expand on-demand campus

Benefits
• Simplified device management: Hundreds of wired and wireless devices are virtualized into one device, so only one NE needs to be managed.
Access switches and APs are plug-and-play.
• Simplified service configuration: uniform configuration templates for wired and wireless services.
• Service-centric networks: Service configurations are made on core devices and automatically delivered to access devices, realizing centralized network management and flexible adjustment.

Innovative iPCA, IP Network Real-time Monitoring

NQA/SAA coarse-grained detection
• Simulated data flow is easy to distort: detection flow is not the same as data flow
• Lengthy troubleshooting: need to locate the fault step by step
• Coarse detection: faults located only on device

iPCA fine-grained detection
• Zero error: color the real data flow
• Visual detection: eSight shows entire traffic flow; easy to locate failure points and evaluate performance
• Chipset-level troubleshooting: two detection stations inside the ENP detect faults in the link, device, card, and chipset
[Figure: NQA/SAA sends a separate detection flow between users alongside the data flow; iPCA monitors the real data flow and reports "Packet loss! Fault on 6th card of 2nd switch".]
iPCA: Packet Conservation Algorithm for Internet

iPCA: In-line and Visual Fault Detection

Filter the detection flow in six dimensions
Field | Description
----- | -----------
SIP | Source IP address
DIP | Destination IP address
PT | Protocol Type
DSCP | DSCP
SPort | Source port number
DPort | Destination port number
Reference: Assemble the six elements according to requirements.

Color packet in-line, zero-cost troubleshooting
• Color the packet: Use the two rightmost bits of ToS or leftmost bit of Flag in the IP header as the color bit to mark the detection flow, no deviation or cost

Multiple detection and visual presentation
• Packet loss detection: calculate the packet loss ratio between ingress and egress
• Visual management: use switch as Data Collecting Point (DCP) and eSight as measurement control point. Collect data and present results.
[Figure: MCP and DCPs at ingress and egress points along the detection flow and data flow.]
HUAWEI SDN Idea on Agile Switch

Enable Networks to Be More Agile for Services
[Figure: drivers are mobility, cloud computing, social media, Big Data, and IoT. Industry SDN: centralized control, network openness, NFV. Unique features of Huawei SDN: full programmability, quality perception, smooth evolution.]

Full programmability
1. Multi-layer open interfaces
2. Programmability at forwarding plane
3. POF supports programmability of future protocols

Smooth evolution
1. ENP is adaptive to new services and protocols
2. Dual-plane design allows the routing plane and SDN plane to coexist

Quality awareness
iPCA allows traditional networks to be aware of network quality and locate faults in real time

Agile Evolution: Industry's First SDN Switch

Forwarding protocol evolution
• IPv4 (1981): 1 version in 32 years
• IPv6 (1998): 1 version in 15 years
• OpenFlow (2009 to 2012): 5 versions in 4 years, quick evolution

SDN switch highlights
• Hybrid OpenFlow: both flow and packet forwarding; mature technology + innovation
• Large table: 16M flow table entries for high-performance forwarding
• Software-defined: new services provisioned in 6 months

Agile Evolution: Protocol Oblivious Forwarding

Traditional forwarding
[Figure: packet (MAC, VLAN, IP, payload) passes through CAM packet analysis with fixed rules, then the core engine applies action and parameter: IP forwarding, QoS, ACL.]
• Forwarding process: inflexible, fixed; identify and then parse packets
• New services: long development time, may need new processes and have to change the chipset

POF
[Figure: packet (X bytes, X bytes, X bytes, …); the SDN controller delivers analysis rules to the ENP analysis module; CAM packet analysis, then the core engine applies action and parameter: IP forwarding, QoS, ACL.]
• Forwarding process: flexible and scalable; forwarding method is not fixed
• New services: easy development, unnecessary to develop new chipset

POF Application Example
1. Send 0x0889 packets, dropped by network device
2. Create new packet format, forwarding table, and forwarding process on Controller and deliver them to switches.
3. Switches process 0x0889 packets following user-defined process.
[Figure: Agile Controller, Agile switch S12708, tester: Tesgine.]

Device-Level: Redundant Key Components, 99.999% Availability

Components shared by different models
Model | Availability (%)
----- | ----------------
S12708 | 99.99958
S12712 | 99.99959

Redundant key components: keep service running during hardware hot swaps
• MPU: 1+1 MPUs
• SFU: 3+1 SFUs
• CMU: 1+1 CMUs
• Power: M+N power supplies
• Fan: 1+1 fan layers

• 1+1/M+N redundancy of MPUs, power supplies and CMUs, hot swappable modules and fan trays
• Dynamic 3+1 SFU backup
• Two fans in each fan tray, improving device reliability

Device-Level: CSS2, Innovative 1+N Backup of Control Cards
[Figure: service port cluster with 1+1 backup of MPUs (industry, ×) compared with CSS2 with 1+N backup of MPUs (HUAWEI, √). Each shows master chassis and standby chassis MPUs, LPUs, SFUs, and CMUs connected by management channel, control channel, forwarding channel, and power bus.]
High Reliability: Industry-leading switch fabric hardware clustering technology directly forwards control and data packets through switch fabrics. 1+N backup of MPUs allows a cluster to run with only one MPU.

CSS2: Lowest Inter-Chassis Delay in the Industry
[Figure: service port cluster forwarding model and CSS2 forwarding model. Data packets travel between service cards and SFUs in chassis 1 and chassis 2 over the cluster cable.]
• Twice switching with service port cluster vs. once with CSS2
• 4 μs inter-chassis delay in CSS2

CSS2: User-Friendly Indicator Design, Easy O&M
[Figure: MPU and SFU panels showing the CSS card slot, OFL button, CSS ID indicator, MASTER indicator, and LINK/ALM indicator.]
• MASTER: active/standby status indicator (card: MPU; color: green)
  Steady on: This card is the cluster's active MPU.
  Off: This card is not the cluster's active MPU.
• CSS ID: cluster ID indicator (card: MPU; color: green)
  Steady on: device's cluster ID. For example, if indicator 1 is on, cluster ID is 1.
  Off: device not in a cluster.
• LINK/ALM: port status indicator (card: CSS card; color: green, red)
  Steady green: Port is Up and connection is correct.
  Steady red: Port connection is incorrect.
  Off: Port link is Down.
• OFL: card removal button (card: SFU; color: green)
  Steady on: The card can be removed now.
★ OFL: Offline

Network-Level: E2E Hardware OAM/BFD
[Figure: hardware BFD/Eth-OAM test flow alongside video surveillance, voice, and video conference traffic.]

Benefits
• Reliable: exclusive hardware-based link detection; 0 CPU usage, high reliability of high traffic volumes
• Fast: 3.3 ms fast and stable detection; 50 ms failover, unnoticeable to users
• Verified: verified by Miercom/Tolly

Abundant VASs and High Application Scalability
[Figure labels: NGFW, NetStream, IPS, Antivirus, Anti-DDoS, ADC, SSL VPN.]

NGFW Card
• Professional firewall products oriented to the next-generation networks
• Huawei-developed VAS platform
Service types: Firewall/NAT, IPSec VPN/SSL VPN, IPS, Antivirus, Anti-DDoS

IPS Card
• Next-generation professional intrusion detection and defense products
• Huawei-developed VAS platform
Service types: IPS

OSP Card
• x86 architecture, Intel Core i7-2710QE + LSW VGA
• Supports third-party and customized applications
Service types: IPS (Checkpoint), ADC (F5), DLP, SLB

X1E and E series cards support NetStream.
Next-Generation Firewall for All-round Security Protection

All-round security protection
• Application awareness: Identify control, QoS management, and URL filtering based on type of application
• Content awareness: Identify the type of files, check content and data to prevent leaks
• Time awareness: 24-hour non-stop traffic monitoring
• User awareness: User-based access control, online behavior management, traffic control
• Attack awareness: Detect threats of worms, Trojans, and viruses
• Position awareness: Analyze threat statistics and control access based on position of applications

NGFW redefines border security
[Figure: access control of traditional firewall (5-tuple) extended with application, content, time, user, threat, and position. Capabilities shown: identifies 6,000+ applications; 85,000 URLs; 5M malicious codes; contents of 20+ file types; 50+ types of files; 8 types of user identity authentication; globally positioned databases.]

IPS: Accurate Network Protection
• Protect clients: vulnerability of office applications, rogue software (Trojans…)
• Protect servers: server vulnerability, web applications, rogue software
• Protect devices: DNS, switches, routers
• Protect bandwidth: manage bandwidth

Comprehensive protection: from servers to applications
• Provide the most effective protection for browsers, media files, and other documents

Accurate detection: efficiently block threats
• Detect vulnerable characters by recombining traffic and extracting information
• Study the baseline of data flows, automatically adjust limits

Easy to use: zero configuration
• Zero configuration: integrated signatures, no need for signature checking or network parameter adjustment
• Abundant policy templates: easiest configuration for special applications

ADC: Comprehensive Load Balancing

All-round load balancing in various scenarios
Huawei cooperated with F5 to develop high-quality load balancing with the OSP hardware platform (expert quality).

Bidirectional link-based load balancing
[Figure: campus network with local DNS and an S12700 + ADC card at a multi-ISP egress (Telecom 2G, Unicom 1G) to the Internet; Internet users and external servers ask for load balancing.]

App-based load balancing
[Figure: servers behind an S12700 + ADC card facing the Internet.]

• Comprehensive load balancing: link-based bidirectional and application-based load balancing
• Multiple applications: HTTP, HTTPS, FTP, SIP, RSTP, DNS
• Software: 10+ load balancing algorithms such as polling, percentage, priority, minimum connections
• Reliability: 1+1 standby: active/standby, active/active

NetStream, Service-Oriented, High-Precision Packet Sampling

NetStream Data Analyzer (NDA)
It retrieves statistics from the database, processes the statistics, and generates reports, which are the basis for services like traffic-based accounting, network planning, and attack detection.
[Figure labels: law compliance, user behavior analysis, traffic-based accounting, service quality assessment, attack detection, network planning; eSight.]

NetStream Collector (NSC)
An NSC, such as eSight or HP ManageEngine, collects packets from the NDE and saves packets in the database for NDA analysis.

NetStream Data Exporter (NDE)
It samples and collects statistics on flows meeting certain conditions, and sends the statistics to the NSC.
[Figure: flow record fields exported as V5/V8/V9: source IPv4 address, dest IPv4 address, protocol ID, source port, dest port, IPv6, TOS, multicast, MPLS.]

• Standards compliance: Netflow V5/V8/V9. In addition to Huawei eSight, the S12700 can connect to the NMSs of mainstream vendors, such as VMware, to build a complete network flow system.
• Larger flow table: 1M original flows and 256K aggregation flows.
• 1:1 line-rate sampling.
S12700 Series Agile Switch Models

Specifications | S12708 | S12712
-------------- | ------ | ------
Cluster bandwidth | 640 Gbps / 1.92 Tbps | 640 Gbps / 1.92 Tbps
Height | 15 U | 19 U
Maximum port density | 384 x 10G / 64 x 40G / 16 x 100G | 576 x 10 GE / 96 x 40 GE / 24 x 100G

S12708 Chassis Structure
• Integrated chassis with 2 MPU, 4 SFU, and 8 LPU slots
• Hot-swappable power supplies, fan modules, MPUs, LPUs, SFUs, and CSS cards
Components (front view and rear view, 15U):
• MPU: 1+1 hot standby
• LPU: 384 10 GE ports, 64 40G ports, 16 100 GE ports
• SFU: 3+1 redundancy
• Fan frame: left-to-back airflow; zone-based fan speed control automatically adjusts fan speed according to service card loads
• CMU: 1+1 redundancy
• Air filter
• System power: up to 6 power modules; 2 slots reserved
• Modular design: in-cabinet removal and installation

S12712 Chassis Structure
• Integrated chassis with 2 MPU, 4 SFU, and 12 LPU slots
• Hot-swappable power supplies, fan modules, MPUs, LPUs, SFUs, and CSS cards
Components (front view and rear view, 19U):
• MPU: 1+1 hot standby
• LPU: 576 10 GE ports, 96 40G ports, 24 100 GE ports
• SFU: 3+1 redundancy
• Fan tray: left-to-back airflow; zone-based fan speed control automatically adjusts fan speed according to service card loads
• CMU: 1+1 redundancy
• Air filter
• System power: up to 6 power modules; 2 slots reserved
• Modular design: in-cabinet removal and installation

S12700 Hardware Structure
• Chassis, backplane, CMUs, power modules, fan modules, MPUs, SFUs, LPUs
• Independent monitoring, control, and forwarding planes

Main Processing Unit – MPUA
MPUA

Structure
• Interchangeable MPU for S12700 series
• USB port
• Management network port
• Cluster combo port
• Clock port
• Combo port: Mini USB or RJ45
• CSS Master indicator: on = master; off = standby
• CSS ID indicator: eight indicators, showing the device's cluster ID when turned on

Function
• Hardware-based OAM/BFD
• Hierarchical traffic shaping
• USB-based deployment with the indicator showing deployment status
• Cluster combo ports for long-distance clustering over the control plane (reserved)

Function | S12700 | Competitive Devices
-------- | ------ | -------------------
Hardware-based BFD (50 ms switchover) | Supported | Not supported
Cluster status indicator | Supported | Not supported
Cluster ID indicator | Supported | Not supported
USB-based deployment | Supported | Not supported

Switch Fabric Unit – SFU

Structure
[Figure: SFU panel with OFL button and CSS card slot. 3 models: SFUA/SFUC/SFUD.]

Functions
Overview
• Interchangeable SFU for S12700 series
• Provide high-speed non-blocking data channels for switching between service modules
• Three models, SFUA/SFUC/SFUD, to meet different requirements, listed in ascending order of performance
Highlights
• N+1 hot standby
• Double control channels, automatic fault detection and switchover

Remarks: S12712 does not support SFUC.
Remarks: S12708 provides a 480 Gbps slot bandwidth when fully loaded with SFUA cards.
CMU Provides Unified, Dynamic Monitoring

Centralized Monitoring Unit (CMU): Four Major Functions

Smart diagnosis and fault location
• Monitors LPU voltage and temperature
• Detects LPU clock faults

Asset management
• Manages component status
• Manages component type

Independent service monitoring
• Records LPU power-on time
• Monitors changes in service plane environment

Dynamic power control
• Controls LPU power
• Zone-based fan speed control reduces noise and power consumption

Interface Cards

Table capacities: low- and high-capacity cards apply to different applications

Card Type | Port Description | MAC | IP | ACL | MPLS | NetStream
--------- | ---------------- | --- | -- | --- | ---- | ---------
SA | 12 x 10 GE optical | 32k | IPv4: 16k / IPv6: 8k | ingress 6k, egress 1k | Not supported | Not supported
SC | 16 x 10 GE optical | 128k | IPv4: 16k / IPv6: 8k | ingress 1k, egress 512 | Supported | Not supported
SC | 2 x 40 GE optical | 128k | IPv4: 16k / IPv6: 8k | ingress 1k, egress 512 | Supported | Not supported
SC | 8 x 40 GE optical | 128k | IPv4: 16k / IPv6: 8k | ingress 1k, egress 512 | Supported | Not supported
EA | 36 x GE electrical + 12 x GE optical | 32k | IPv4: 16k / IPv6: 8k | ingress 1k, egress 1k | Supported | Supported
EA | 48 x GE optical | 32k | IPv4: 16k / IPv6: 8k | ingress 6k, egress 1k | Supported | Supported
EA | 48 x GE electrical | 32k | IPv4: 16k / IPv6: 8k | ingress 6k, egress 1k | Supported | Supported
EA | 4 x 10 GE optical | 32k | IPv4: 16k / IPv6: 8k | ingress 6k, egress 1k | Supported | Supported
EC | 48 x GE optical | 128k | IPv4: 128k / IPv6: 64k | ingress 32k + 6k, egress 1k | Supported | Supported
EC | 48 x GE electrical | 128k | IPv4: 128k / IPv6: 64k | ingress 32k + 6k, egress 1k | Supported | Supported
EC | 24 x GE optical | 128k | IPv4: 128k / IPv6: 64k | ingress 32k + 6k, egress 1k | Supported | Supported
EC | 4 x 10 GE optical | 128k | IPv4: 128k / IPv6: 64k | ingress 32k + 6k, egress 1k | Supported | Supported
EC | 48 x 10 GE optical | 128k | IPv4: 128k / IPv6: 64k | ingress 32k + 6k, egress 1k | Supported | Supported
X1E | 48 x GE optical | 1M | IPv4: 1M / IPv6: 512k | 64k (ingress + egress) | Supported | Supported
X1E | 48 x GE electrical | 1M | IPv4: 1M / IPv6: 512k | 64k (ingress + egress) | Supported | Supported
X1E | 24 x GE optical + 8 x Combo + 4 x 10 GE optical | 1M | IPv4: 1M / IPv6: 512k | 64k (ingress + egress) | Supported | Supported
X1E | 8 x GE optical + 8 x Combo + 8 x 10 GE optical | 1M | IPv4: 1M / IPv6: 512k | 64k (ingress + egress) | Supported | Supported

X1E Series Cards

Industry-leading Performance and Specifications
• 10 GE cards: 4 x 10 GE optical + 24 GE optical + 8 Combo; 8 x 10 GE optical + 8 Combo
• GE cards: 48 x GE optical; 48 x GE electrical

Item | Huawei X1E Card | Commercial ASIC Card
---- | --------------- | --------------------
MAC | 1M (2x) | 512k
ARP | 256k (4x) | 64k
FIB | 3M (6x) | 512k
NetStream | 1M (128x) | 8k
Queue | 64k (174x) | 374
Buffer | 1.5 GB (192x) | 8 MB

High-Density 10GE Optical Interface Cards

48 x 10GE: 10GE card with highest density
[Chart: line-speed 10 GE density for Huawei, HP, and Cisco; values shown: 48, 48, 16.]

16 x 10GE
Supported transceivers and cables:
• SFP-T (RJ45), GE copper transceiver
• SFP, GE optical transceiver
• 10GBase-CR, copper cable, within 10 m
• SFP+, 10GE optical transceiver

40GE Optical Interface Cards
• 8 × 40GE SC card
• 2 × 40GE SC card
• 40GE optical transceiver
• 1 x 40GE = 4 x 10GE
• SR4 and LR4 40GE optical transceivers, up to 10 km transmission distance.
• One 40GE port can be split into four 10GE ports.
100GE Optical Interface Cards

2 × 100GE card
[Chart: port bandwidth per service card type. 48 x 10 GE: 10G; 8 x 40 GE: 40G; 2 x 100 GE: 100G.]
Specifications
• MAC 696K
• IPv4 FIB 512K
• ARP 60K
• IPv6 FIB 256K
• ACL 128K

NGFW Cards, Professional Security Protection

Item | NGFW Module A | NGFW Module B | NGFW Module C
---- | ------------- | ------------- | -------------
Model | ET1D2FW00S00 | ET1D2FW00S01 | ET1D2FW00S02
*Throughput | 10 Gbps | 20 Gbps | 40 Gbps
*Concurrent connections | 8,000,000 | 10,000,000 | 12,000,000
*New connections | 300,000 | 350,000 | 400,000
*Security protection performance | 8 Gbps | 10 Gbps | 10 Gbps
*IPSec throughput | 10 Gbps | 16 Gbps | 20 Gbps
*Virtual firewalls (vFW) | 1000 | 1000 | 1000
Interfaces: 2*20GE (built-in) + 4*GE (panel)

IPS Card Specifications (IPS/IDS Module A)
Model: EH1D2IPS0S00
*IPS throughput: 12 Gbps
*Concurrent HTTP connections (SA+IPS): 1,000,000
*New HTTP connections (SA+IPS): 400,000
*Management interface: 1GE + 1USB + 1 Console
*Basic functions: Virtual patch, web application protection, client protection, malicious software defense, network application management and control, network- and application-layer DoS attack defense
Interfaces: 2*20GE (built-in) + 4*GE (panel)

OSP Card, Open Platform for Third-Party Applications
• x86 architecture, supporting third-party and customized application software
• Supports all IPS applications of CheckPoint
• Accurately blocks network attacks, such as hacker, worm, virus, and Trojan horse attacks, or network resource abuse, in real time.
IPS: Intrusion Prevention System

Item: Specifications
OS: VMware or CheckPoint IPS
Application software: IPS/IDS (developed by CheckPoint), ADC (developed by F5)
CPU: Intel® Core™
Memory: 4 GB, max. 16 GB
• Built-in flash memory: 8 GB
• Hard disk: standard configuration: two 500 GB enterprise-grade SATA hard disks

Innovative Screw-free Power Supply Design
2200 W DC power supply: operating voltage –38.4V to –72V; output 2200 W
2200 W AC power supply: operating voltage 90V to 290V; output 1100W @ 110V, 2200W @ 220V
Recommended redundancy configurations (chassis power with 2200W DC power supply / with 2200W AC power supply (220V): recommended redundancy mode):
S12708:
• < 2200 W / < 2200 W: 1+1
• < 4400 W / < 4400 W: 2+1/2+2
S12712:
• < 2200 W / < 2200 W: 1+1
• < 4400 W / < 4400 W: 2+1/2+2
• < 6600 W / < 6600 W: 3+1/3+2/3+3
Power supplies use a screw-free ejector latch for easy swapping. An indicator shows whether a power supply is securely installed in its slot.

VRP Software Architecture
S12700 is built on the Huawei VRP software platform and offers abundant features, high scalability, and modular design.
[Diagram: VRP software architecture. Labels include Management Plane (CLI, SNMP, Netconf, WebUI, CFG), DB Mgmt, Fault Mgmt, Perf Mgmt, Host Service, Device, Interface, Tunnel, 3rd Part Software, Value Added Service (Mobile PS, BAS, SLA, Net Stream), L2 Protocol, IGMP, PIM, RSVP, LDP, BGP, ISIS, OSPF, RIP, VR, MVPN, L3VPN, L2VPN, MFIB, FIB, LSP, Scheduler, Component Mgmt, Communication, HA, Memory, Real-time OS Kernel, Hardware-related Engineer Interface]

Interoperation with Products from Mainstream Vendors
Universal Standards, Full Interoperability
• As one of the top 3 ICT suppliers, Huawei has always developed products that strictly comply with national/international standards and regulations
• Huawei products can interoperate with all standards-compliant products
Large Shipments, Proven Performance
• Excellent interoperability proven by commercial use of 8 million devices
• Fully interoperable with mainstream vendors’ hardware ports and
software protocols
Agile, Accurate Tools
• Configuration translation tool accurately translates other products' configurations into Huawei device configurations, making device swap easy
• Auto configuration delivery tool improves device swap efficiency

Verified Interoperability
Real Interoperation Experience in the Lab
Proven Interoperability on Unified VRP Platform
• On-demand interoperability tests with switches from mainstream vendors
• Remote operation, real experience
• Good interoperability proven by Tolly tests and network applications
Fully Interoperable with Proprietary Protocols
• VRP platform in all Sx7 series
• Over 100 major projects involving Cisco device interoperation and replacement, 100% success rate
• Dedicated R&D team for network migration in major projects
[Diagram: S12700, S12712, and S9700 (ENP, VRP inside) interoperable with Cisco switches over OSPF or ISIS. Interoperation laboratory – Huawei Nanjing Research]

Contents 1 Future Requirements 2 S12700 Agile Switch Introduction 3 Success Stories 4 Third Parties' View on Agile Switch

Successful Application of Agile Switch in the Global Market
350+ customers, 1000+ switches shipped, 7 industries in Europe, America, Latin America, Africa…
150 + projects Government, Finance • The People's Bank of China • South African Police Service 50 + projects, demo site established Medical treatment 80 + projects, demo site 60 + projects • Guangzhou University of Chinese Medicine Third Hospital • Chongqing Daping Hospital Large enterprise • Sinopec • BAIC Group • China Southern Power Grid established Education 20 + projects 15 + projects • Beijing MTR Corporation Limited Transportation • Guangzhou Metro • Shanghai Second Polytechnic University • Southwest University for Nationalities Broadcast &TV • Zhejiang Changxing Media group • Shandong Cable TV

Sweden Fiberdata Data Center
Background and Requirements
Sweden Fiberdata is one of the top system integrators in Sweden, committed to
delivering broadband connections for carriers, public service and government agencies. As its business develops fast, Fiberdata needs to upgrade its network to meet the following requirements:
• Secure, reliable, low-delay, and scalable network to support service development
• Easy to manage and maintain
Huawei Solution
• Used fully programmable S12708 agile switches to support smooth evolution and cope with new service requirements.
• Employed CSS2 switch fabric hardware clustering technology on core switches and connected stacks of access switches to aggregation switches in dual-homing mode to ensure reliability and stability of key links and nodes.
• Configured SVF and iPCA to further simplify network structure and monitor network quality in real time.
Benefits to Customers
• S12700's fully programmable architecture can adapt to customers' network requirements.
• The secure, reliable network delivers access services for different users.
• The clear network structure allows for unified management and maintenance, and reduces O&M costs.
[Network diagram labels: Internet, Firewall, S12708, S5700-LI]

SWUN Campus Network
Background and Requirements
Southwest University for Nationalities (SWUN) was founded in July 1950 and is located in Chengdu, Sichuan, China. The university has the following requirements for its campus network:
• Deploy wireless networks in old and new campuses to meet future network access requirements.
• Upgrade switches in the campus network and use future-oriented network technologies to provide high network performance and support its data center.
[Network diagram labels: Internet, Old campus, ME60, Core layer, Auth & acc server, S12708]
Huawei Solution
• Deployed two S12708 core switches in a cluster to enhance reliability. They provide native AC capabilities to converge wired and wireless network management.
• Redundancy design on aggregation and access layers, key links bundled in trunks.
• One eSight system to manage wired and wireless networks.
• Deployed indoor settled AP6010DN APs in dormitories to facilitate installation and maintenance. Each AP covers four rooms, providing optimal coverage and network performance.
Benefits to Customers
• Native AC provides a wired and wireless convergence solution and realizes unified authentication of wired and wireless users.
• Redundancy design on aggregation and access layers ensures network reliability.
• Indoor settled AP deployment reduces installation and maintenance costs.
• Unified authentication ensures network security.
[Network diagram labels: Aggregation layer, S5710-28C-EI, eSight, S5700-28P-PWR-LI-AC, Access layer, AP6010DN, Public place, Teaching building, Dormitory]
"The native AC and uniform user management functions of Huawei agile switch can fully meet our requirement for information network construction. We are especially interested in the SVF feature as this technology will significantly simplify network management." --Mr. Xie Shengjun, Mr. Wang Xiang from SWUN campus network management center

Chongqing Daping Hospital Network
Background and Requirements
Chongqing Daping Hospital (Third Affiliated Hospital of the Third Military Medical University) is a comprehensive military hospital integrating medical care, teaching, and scientific research, with 3000+ beds. Its network requirements are:
• Secure, reliable, and easy-to-expand wired and wireless converged network
• Full use of current network resources, good compatibility
[Network diagram labels: 10G MM fiber, 1G SM fiber, NMS, S12708, 1G MM fiber, S12708]
Huawei Solution
• Adopted a 3-layer network with core, aggregation, and access layers.
• S9306 (new) worked with S9300 (original) in 1+1 backup.
• Adopted a 10G backbone (scalable), GE aggregation (scalable to 10GE), and GE gigabit-to-the-desktop design.
• Deployed one eSight system to manage the entire network.
• S12708's native AC made wired and wireless convergence ready.
[Network diagram legend: GE, 1G twisted pair; MM = multi-mode, SM = single-mode. Labels: GE, aggregation switch S5700-EI, access switch S5700-LI, Floors 1-6, Floors 7-14, Floors 15-18]
Benefits to Customers
• Secure and reliable network devices, clear network structure, simple management and maintenance, reducing O&M costs.
• Fully use original devices and provide good compatibility and scalability to protect customer investment.

Changxing Media Group MAN Reconstruction
Background and Requirements
Changxing Media Group (Zhejiang, China), an integrated media group owning TV stations and newspapers, started transformation from cable TV service provider to voice, video, and data service provider. Its network requirements are:
• Upgrade the gigabit MAN to 10G backbone to support "Safe City" video surveillance service.
• Establish bidirectional STB links to provide interactive digital TV (VOD) and broadband Internet access services.
• Establish VPN tunnels over MAN to provide exclusive channels for VIP customers.
[Network diagram labels: VOD egress, Data network egress, USG5530S Firewall, USG5530Sf Firewall, NE40E Core router]
Huawei Solution
• Deployed two NE40E-X8 routers at MAN egress, two CE12808 switches at core layer, and 19 S12708 switches at aggregation layer, establishing a dual-homing star topology.
• S12708's large table capacities allow access of massive terminals, and its 1.5 GB large buffer capacity can well handle traffic bursts.
• Applied CSS2 switch fabric hardware cluster technology on aggregation nodes to ensure reliability while implementing load balancing and backup at aggregation layer.
• Used HQoS for fine-grained differentiation and scheduling of voice, data, VOD, VIP VPN services, providing high-quality service forwarding.
Benefits to Customers
• Large table capacities and buffer size of S12708 well handle traffic bursts in peak hours.
• HQoS provides fine-grained service control.
• Hardware cluster technology and 50 ms switchover ensure high network reliability.
• S12708 provides not only powerful ARP/routing capabilities, but also native AC and fully programmable interfaces to adapt to "wireless city" construction and service customization requirements.
[Network diagram labels: CE12808 switch, CE12808 switch, Dual 10G links, S12708, NE40E Core router, 40km, 40km, S12708, Dual 10G links, S12708, S12708]

Contents 1 Future Requirements 2 S12700 Agile Switch Introduction 3 Success Stories 4 Third Parties' View on Agile Switches

Tests by Third-Party Authorities
Miercom, Tolly, Ixia, MIIT
• Full programmability and SDN capability
• SDN Ready, full programmability, Protocol Oblivious Forwarding (POF)
• 100% line-rate forwarding on 576x10GE ports
• Several million hardware entries
• Passed SDN programmability test
• S12700 features the industry's highest switching performance on campus

Awards to Agile Switches
Awards Interop 2014: Best of Show Award Special Prize in Enterprise Networking Category Was Given to Huawei
“This product is especially interesting because of the programmable Ethernet data plane. This means it is good for the SDN environment. Many products are based simply on OpenFlow. But this product can be adopted for many applications and many kinds of software. That means it can be a base product for evolution to future SDN products.” — Osamu Nakamura, professor at Keio University and Interop judge
Best Practices Awards Frost & Sullivan Asia Pacific Best hardware Product of the Year Best Innovative Product supplier Computer World Computer Products GITEX and Circulation SDN Solution Award NetworkWorld Asia Best Innovative Product Excellent Product Product of the Year Award -ZOL