ZXR10 T160G T64G Technical Specifications

ZXR10 T160G&T64G
Technical Specifications
ZXR10 T160G&T64G Technical Specifications
Product Type Technical Description
About the Document

Version Date Author Approved By Remarks
V1.00 2005-12-06 Not open to the Third Party
V1.1 2007-4-12 HESHU MAOYUCHENG
Copyright © 2005 ZTE Corporation Shenzhen P. R. China
ZTE CONFIDENTIAL: This document contains proprietary information of ZTE Corporation and is
not to be disclosed or used except in accordance with applicable
agreements.
Due to update and improvement of ZTE products and technologies,

information of the document is subjected to change without notice.
ZTE Confidential Proprietary I

ZXR10 T160G&T64G Technical Specificat
ions
Table of Contents
1 Overview ......................................................................................................................................6
1.1 System Overview.................................................................................................................6
1.2 Overall System Structure......................................................................................................6
1.2.1 System Hardware .......................................................................................................6
1.2.2 System Software ........................................................................................................7
1.3 System Features ...................................................................................................................8
2 Hardware Architecture .............................................................................................................10
2.1 Overview ...........................................................................................................................10
2.2 System Hardware Structure ................................................................................................10
2.3 Switching and Control Module...........................................................................................11
2.3.1 Control Module........................................................................................................12
2.3.2 Switching Module ....................................................................................................12
2.4 Power Supply Module........................................................................................................12
2.5 Interface Module................................................................................................................13
2.5.1 44+4 FE Interface Board ..........................................................................................13
2.5.2 12-Port GE Interface Board ......................................................................................14
2.5.3 24-Port GE Optical Interface Board..........................................................................15
2.5.4 12-Port GE Interface Board ......................................................................................15
2.5.5 24-Port GE Electrical Interface Board ......................................................................16
2.5.6 1-Port 10G Ethernet Optical Interface Board ............................................................17
2.5.7 2-Port 10G Ethernet Optical Interface Board ............................................................18
2.5.8 POS+GE Optical Interface Board .............................................................................19
2.5.9 Protocol Processing Unit ..........................................................................................20
2.5.10 Others ......................................................................................................................20
3 Software Architecture................................................................................................................21
3.1 Overview ...........................................................................................................................21
3.1.1 Operation Support Subsystem ..................................................................................21
3.1.2 MUX Subsystem ......................................................................................................21
3.1.3 L2 Subsystem...........................................................................................................22
3.1.4 L3 Subsystem...........................................................................................................22
3.1.5 Network Management and O&M Subsystem ............................................................23
3.2 Fully Distributed Service Processing ..................................................................................23
3.3 Architecture of Layers........................................................................................................23
3.3.1 Link Layer Protocol Software...................................................................................23
3.3.2 Network Layer Protocol Software ............................................................................23
3.3.3 Upper Layer Protocol Software ................................................................................24
3.4 Functional Module.............................................................................................................24
3.4.1 ROS.........................................................................................................................24
3.4.2 SSP Switching Subsystem ........................................................................................28
3.4.3 Coprocessor Software Subsystem .............................................................................28
ZTE Confidential Proprietary II

ions
3.4.4 Software Forwarding Support Subsystem .................................................................28

3.4.5 L2 Management and Protocol Subsystem .................................................................29
3.4.6 IP Supporting Protocol Subsystem............................................................................33
3.4.7 Multicast Routing Subsystem ...................................................................................35
3.4.8 MPLS Protocol Subsystem.......................................................................................35
3.4.9 Application Sub-system ...........................................................................................40
3.4.10 Statistical Alarm Subsystem .....................................................................................41
3.4.11 Security Subsystem ..................................................................................................41
3.4.12 Maintenance Management Subsystem ......................................................................42
3.4.13 SNMP Subsystem ....................................................................................................42
3.4.14 Monitoring Subsystem .............................................................................................43
3.4.15 IPv6 Subsystem........................................................................................................43
4 ACL Function ............................................................................................................................44
4.1 Overview ...........................................................................................................................44
4.2 ACL Technology of XG Series Switches............................................................................45
4.2.1 Standard ACL ..........................................................................................................45
4.2.2 Extended ACL .........................................................................................................45
4.2.3 L2 ACL ...................................................................................................................46
4.2.4 Hybrid ACL .............................................................................................................47
5 QoS Technology .........................................................................................................................48
5.1 Introduction .......................................................................................................................48
5.1.1 Background..............................................................................................................48
5.1.2 Functional Requirements..........................................................................................48
5.1.3 Service Model ..........................................................................................................49
5.2 QoS of ZXR10 XG Series Switches ...................................................................................51
5.2.1 Packet Classification and Priority Marking ...............................................................52
5.2.2 Congestion Management ..........................................................................................52
5.2.3 Congestion Avoidance .............................................................................................55
5.2.4 Traffic Policing ........................................................................................................56
5.2.5 Traffic Shaping ........................................................................................................57
5.2.6 Physical Interface Link Rate (LR) ............................................................................58
5.3 QOS Application................................................................................................................59
5.3.1 PHB Guarantee of Voice and Video Services ...........................................................59
5.3.2 Enterprise Private Network Application....................................................................59
5.3.3 Application Summary ..............................................................................................60
ZTE Confidential Proprietary III

ions
Figures and Tables

Figures
Figure 1 Hardware Architecture of ZXR10 T160G and ZXR10 T64G...............7
Figure 2 Software structure of ZXR10 T160G and ZXR10 T64G......................8
Figure 3 ZXR10 T160G/T64G System Hardware Schematic Drawing ............11
Figure 4 Main Control Board..........................................................................11
Figure 5 The main control board panel............................................................12
Figure 6 AC Power Supply Module ................................................................12
Figure 7 DC Power Supply Module ................................................................13
Figure 8 Operation Principles of the 44+4 FE Electrical Interface ...................13
Figure 9 44+4 FE Electrical Interface Board Panel..........................................14
Figure 10 Operation Principles of the 12-port GE Optical Interface Board ........14
Figure 11 12-port GE Optical Interface Board Panel .........................................14
Figure 12 Operation Principles of the 24-port GE Optical Interface Board ........15
Figure 13 24-port GE Optical Interface Board Panel .........................................15
Figure 14 Operation Principles of the 12-port GE Electrical Interface Board .....16
Figure 15 12-port GE Electrical Interface Board Panel......................................16
Figure 16 Operation Principles of the 24-port GE Electrical Interface Board .....17
Figure 17 24-port GE Electrical Interface Board Panel......................................17
Figure 18 Operation Principles of the Single-port 10G Ethernet Optical
Interface Board .............................................................................................18
Figure 19 Single-port 10G Ethernet Optical Interface Board Panel....................18
Figure 20 Operation Principles of the 2-port 10G Ethernet Optical Interface
Board 18
Figure 21 2-port 10G Ethernet Optical Interface Board Panel............................19
Figure 22 Operation Principles of the POS+GE Optical Interface Board ...........19
Figure 23 POS+GE Optical Interface Board Panel ............................................19
Figure 24 Operation Principles of the Protocol Processing Unit ........................20
Figure 25 Architecture of the Operation Support Subsystem .............................21
Figure 26 Architecture of the L2 Subsystem .....................................................22
Figure 27 Architecture of the L3 Subsystem .....................................................23
Figure 28 ZXR10 XG software architecture......................................................24
Figure 29 Block Diagram of the Unicast Routing Protocol Subsystem ..............34
Figure 30 MPLS Operating Principles ..............................................................36
Figure 31 MPLS Header Structure....................................................................37
Figure 32 Basic Model of BGP MPLS VPN .....................................................38
Figure 33 Basic Model of VPWS......................................................................39
Figure 34 Basic Model of VPLS .......................................................................40
Figure 35 Enterprise Networking......................................................................44
Figure 36 Schematic Diagram for FIFO Scheduling..........................................52
Figure 37 Schematic Diagram for SP Scheduling..............................................53
Figure 38 Schematic Diagram for WRR Scheduling .........................................53
ZTE Confidential Proprietary IV

ions
Figure 39 Schematic Diagram for DWRR Scheduling.......................................54

Figure 40 Schematic Diagram for WFQ Scheduling..........................................54
Figure 41 Schematic Diagram for Relationship between WRED and Queue
Mechanism ...................................................................................................56
Figure 42 Basic Processing Course of CIR Traffic Control ...............................56
Figure 43 TS Processing...................................................................................58
Figure 44 ZXR10 XG Series Switches QoS Processing.....................................58
Figure 45 VOIP Support...................................................................................59
Tables
Table 1 Features of ZXR10 T160G and ZXR10 T64G.....................................8
Table 2 Specifications of the 12-port GE Optical Interface Board ..................14
Table 3 Specifications of the 24-port GE Optical Interface Board ..................15
Table 4 Specifications of the 12-port GE Electrical Interface Board...............16
Table 5 Specifications of the 24-port GE Electrical Interface Board...............17
Table 6 Specifications of the Single-port 10G Ethernet Optical Interface
Board 18
Table 7 Specifications of the 2-port 10G Ethernet Optical Interface Board.....19
Table 8 Specifications of the POS+GE Optical Interface Board .....................19
ZTE Confidential Proprietary V

1 OVERVIEW
1.1 System Overview
With Internet services growing dramatically, IP has become the most widely used
transmission method for the new generation of network infrastructure in the world and IP-
based services will become more important in ISP networks. To be more competitive in the
transformation of communications networks, carriers are building broadband IP networks to
carry data, voice, and video services.
As Ethernet switches have greater functionality and enhanced performance, they have been
in wider use on IP networks. In recent years, broadband service has been in enormously
increasing demand, which can be satisfied by 10G Ethernet switches featuring superior
bandwidth and wire speed. Therefore, 10G Ethernet switches have become important
devices in IP network constitution.
Today, people not only have greater demand for network bandwidth, but also have higher
requirements for network protocols. QoS and VPN have become significant network
features. To solve the problem of depletion of IPv4 addresses, IPv6 network will be
deployed gradually.
ZXR10 T160G and ZXR10 T64G 10G MPLS Routing Switches, developed by ZTE
Corporation with the industry’s leading technologies, feature huge capacity and switching
performance of wire speed and support the latest network protocols.
ZXR10 T160G and ZXR10 T64G are referred to as XG Series in some parts of the
following texts.
1.2 Overall System Structure

ZXR10 T160G and ZXR10 T64G adopts the industry’s leading ASIC hardware forwarding
technology, in which the hardware completes all forwarding operations at wire speed on
ports. ASIC can filter the streams of layer 2 switching, MPLS switching, IPv4 routing, IPv6
routing, and L4 to L7 at wire speed. The XG Series switch data at a speed of not less than
10G on the ASICs and connect these ASICs to form a huge Ethernet switch. Compared with
separate forwarding on hardware, software uses a centralized and separate mode, where the
major protocols are handled on the high-performance protocol processing board and other
protocols are processed on service boards separately. The protocol processing unit
communicates with other service boards through high-speed communication channels.
1.2.1 System Hardware

The XG Series Switches are designed to be installed in racks. The system uses a large-
capacity and high-speed serial bus backplane to connect the main control board to all
service line cards. The control and switch matrices are combined in one, which supports 1:1
redundancy. A large-capacity switch matrix is used to guarantee the switching capacity that
the system may need when it is operating at wire speed. The control board uses a high-
performance CPU and large memory to ensure adequate storage space for speedy protocol
processing and huge table contents. Each line card provides packet processing capability at
wire speed through ASIC and offers 10G, 1G, 100M and POS interfaces according to
different services. Figure 1 shows the hardware architecture of ZXR10 T160G and ZXR10
T64G.
ZTE Confidential Proprietary 6

Main control board

GE line card Serdes Serdes Primary and
standby main
24 GE packet control board
processor
Large-capacity high-speed backplane

FE
Large-capacity
CPU switch matrix
24 ? GE Console
FE
Network
2×XGE management unit
232
Protocol
XGE line card processing
Serdes FE
2 XGE packet Internal
processor communications
FE Monitoring 232 Power
CPU module supply
unit
Figure 1 Hardware Architecture of ZXR10 T160G and ZXR10 T64G
1. Large-capacity high-speed backplane
The system uses a passive large-capacity high-speed backplane to connect the main control
board to all line cards to ensure adequate switching capacity for system operation and to
reserve enough bandwidth for future upgrade.
2. Main control board
The main control board is an important integrated board with 1:1 redundancy. Each main
control board consists of one large-capacity switch matrix, one high-performance and large-
capacity CPU, one cross-board communications switching module, one system monitoring
module, and one clock module. Two main control boards are closely connected in operation.
3. Service line card
Service line cards process packets and send them to the particular port to the destination
service line card according to the processing result. Each service line card has its own
forwarding table and makes forwarding decisions locally to ensure line-rate switching
performance. Service line cards fall into multiple categories, as shown in the following:
• 100M Ethernet service card
• 1000M Ethernet service card
• 10G Ethernet service card
• POS service card (155M\622M\2.5G\10G)
1.2.2 System Software

The core of system software of ZXR10 T160G and ZXR10 T64G is ZXROS distributed
routing platform. This platform is the result of ZTE Corporation’s years of endeavor of in
data communications industry and it serves the ZXR10 series high-end routers and switches.
It provides protocol stacks required in L2, L3, MPLS, and IPv6, as well as unified
interfaces for downstream devices.
The distributed platform provides an operating system and basic elements for invoking
software.

The ASIC-related driver is used to connect ZXROS and the real ASIC executive. It delivers
ZXROS' commands to hardware, sends protocol packets that need to be processed by the
protocol layer to ZXROS software, and synchronizes the ZXROS software table and ASIC
hardware forwarding table.
Network management and operation maintenance
Protocol stacks on ZXROS routing platform (L2, L3, MPLS, IPv6)
ASIC-related driver
Distributed operating system platform
Figure 2 Software structure of ZXR10 T160G and ZXR10 T64G

The network management and operation management module provides user management
interface. It allows users to perform switching management and operation maintenance
through the 232 interface, Telnet, SSH, SNMP, and so on.
1.3 System Features

ZXR10 T160G and ZXR10 T64G have the following features:
1. Carrier class reliability
Redundancy for the physical layer: power supply redundancy, active and standby
redundancy, hot-swappable board. Redundancy for the protocol layer: LACP, VRRP, route
load sharing, and other protocols.
2. Forwarding and filtering capability at full wire speed
ASIC hardware switching ensures data are switched at wire speed on L2, L3, MPLS, and
IPv6. ASIC hardware filtering ensures packet filtering on L2 to L7 at wire speed and ACL
are performed on L2 to L4 at wire speed.
3. Abundant network protocols supported
The system supports the latest network protocols: L2, L3, unicast routing, multicast routing,
MPLS, IPv4, and IPv6, and access and authentication protocols, and can catch up with
network development to meet the requirements for advanced Ethernet network constitution.
4. Open architecture design with great upgrade capability
The open architecture design has great upgrade capability, which protects users’ investment
and satisfies users’ demand for new functions in the future.
Table 1 Features of ZXR10 T160G and ZXR10 T64G
Item Description
Basic Functions Backplane bandwidth: T160G 1.44 Tbps ; T64G 900 Gbps
Switching capacity: T160G 768 Gbps; T64G 480Gbps
Packet forwarding rate: T160G 571 Mpps ;T64G 357Mpps

Entries in the routing table: 500 K (layer 3)

Depth of the MAC address table: 64 K (layer 2)
T160G: 10 slots and up to 8 service slots
Number of Slots
IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.3x, and IEEE 802.1p
IEEE 802.1d STP, IEEE802.1w RSTP, and IEEE802.1s MSTP.
IEEE 802.3ad
L2 Protocols IEEE802.1Q.
Supported Number of VLANs: 4096
VLAN Range: 1~4094
VLANs based on ports, MAC addresses, subnets ,protocols, strategies
PVLAN, QinQ
Routing protocols such as RIP1/2, OSPF, BGP, and IS-IS
L3 Protocols
VRRP and Super VLAN
Supported
IPv6
MPLS VPN: Support VPLS and VPWS (Martini); For layer 3 support RFC2547bis.
NAT: up to 256 K NAT sessions.
Support the NAT log.
Service Multicast: supports IGMP, PIM-DM/SM, MSDP, MBGP
Functions Bandwidth control: port-, application-, and stream-based bandwidth control, with control
granularity of 8 K.
Authentication: supports 802.1x and RADIUS Server\Client.
DHCP: support DHCP Relay and DHCP Server.
Support eight priority queues.
L2-based priority queue
QoS Feature
Flow control based on L2, L3 and L4 source and destination
L4-based application flow control
1-port 10G Ethernet optical interface
2-port 10G Ethernet optical interface
12-port GE optical + 4-port GE electrical interface
24-port GE optical + 4-port GE electrical interface
12-port GE electrical + 4-port GE optical interface
Interface Card 24-port GE electrical + 4-port GE optical interface
44-port FE electrical + 4-port GE electrical interface
48-port GE electrical interface
8-port GE optical + 4-port 155M POS interface
4-port 2.5G POS interface
1-port 10G POS interface
Equipment SNMP MIB, MIB II (RFC 1213)
Management RMONV1/V2/V3
Port mirroring: mirroring includes the control module, particular port, and particular slot
Console/Telnet/SSH management
Power Supply Power supply (AC): 100~240(±10%)V, 50 Hz ~ 60 Hz
Power supply (DC): -48V±20%
Power consumption of T160G with full configuration: 1200 W
Power consumption of T64G with full configuration: 720 W
Reliability MTBF > 200,000 hours
MTTR < 30 minutes
All the boards support hot swapping. The main control board and power supply support

Item Description
Backplane bandwidth: T160G 1.44 Tbps ; T64G 900 Gbps
Switching capacity: T160G 768 Gbps; T64G 480Gbps
Basic Functions Packet forwarding rate: T160G 571 Mpps ;T64G 357Mpps
Entries in the routing table: 500 K (layer 3)
Depth of the MAC address table: 64 K (layer 2)
Number of Slots
IEEE 802.3, IEEE 802.3u, IEEE 802.3z, IEEE 802.3x, and IEEE 802.1p
IEEE 802.1d STP, IEEE802.1w RSTP, and IEEE802.1s MSTP.
IEEE 802.3ad
L2 Protocols IEEE802.1Q.
Supported Number of VLANs: 4096
VLAN Range: 1~4094
VLANs based on ports, MAC addresses, subnets ,protocols, strategies
PVLAN, QinQ
Routing protocols such as RIP1/2, OSPF, BGP, and IS-IS
L3 Protocols
VRRP and Super VLAN
Supported
IPv6
redundancy.
Dimensions: T160G: 442 (H) ×577 (W) ×450 mm (D);
Physical T64G: 442 (H) x 440 (W) x 450 mm (D)
Parameters Weight(Full Configuration): T160G: 56 kg;
T64G: 38 kg
Operating temperature: -50C - 450C.
Environmental
Storage temperature: -40 0C - 700C
Requirements
Storage relative humidity: 5% - 95% (non-condensing)
2 HARDWARE ARCHITECTURE
2.1 Overview
This chapter mainly introduces system hardware and operation principles of ZXR10 T160G
and ZXR10 T64G 10G MPLS Switches to help you have a better understanding of the
system. It includes the system’s general structure, functional modules, board schematics,
and operation principles.
2.2 System Hardware Structure

ZXR10 T160G and T64G 10G MPLS Switches are large-capacity rack-mounted 10G
Ethernet switches. They implement data switching between layers using hardware
switching of two levels. Switching of the first level occurs between ports of line cards. The
second level of switching occurs between line cards, which is controlled by the main
control board. The first level switching is intelligent; it determines almost forwarding at all
ports. The switching chip of this level is usually called packet processor (PP). The second
level switching is cross-connect matrix switch, which connects all PPs and performs
switching according to simple tags, constituting a large-capacity switching system.

High-speed High-speed
XAUI interface XAUI interface
Line card 1 XAUI interface XAUI interface
Line card 5
..
..
..
..
Switching
XAUI interface network XAUI interface
High-speed High-speed Line card 8
Line card 4 XAUI interface XAUI interface
Control module (standby)

Control module
Power (primary)
supply unit
Figure 3 ZXR10 T160G/T64G System Hardware Schematic Drawing

ZXR10 T160G and ZXR10 T64G have the similar hardware structures at present. They use
the same line cards. T64G supports five line cards and T160G supports eight line cards
without primary or standby control module. Figure 3 shows the system hardware. The
system mainly comprises control modules, switching modules, packet processing modules,
and power supply units.
2.3 Switching and Control Module

In practice, the switching and control modules are integrated on the same main control
board, as shown in Figure 4.
High-speed
XAUI interface
SDRAM
CPU Console port

CROSSBAR
system
MCT port
BOOTROM
High-speed
XAUI interface
Figure 4 Main Control Board

2.3.1 Control Module

The control module is composed of the main processor and some external functional chips,
providing operational interfaces, such as serial ports and Ethernet interfaces to implement
applications for the system. The main processor is the high-performance POWER PC
processor, which supports up to 1G SDRAM, 64M Flash memory, and 512K BOOTROM.
It can:
• Support network management protocols, such as SNMP.
• Support network protocols, such as OSPF, RIP, BGP-4.
Provide operational and management interfaces for all line cards.
Manage and maintain data.
2.3.2 Switching Module

The switching module uses the specialized CROSSBAR chip, which integrates multiple
high-speed bi-directional interfaces and can switch data at wire speed on multiple line cards.
The switching chip has the following features:
1. Stores, forwards, and switches data.
2. Supports huge frames of up to 9 KB.
3. Supports priority queues and selectively discards frames when CoS queues are
congested.
4. Each port provides a set of counters for management and control.
The front panel of the main control board is shown in Figure 5.
Figure 5 The main control board panel
2.4 Power Supply Module

ZXR10 T160G/T64G 10G MPLS Switches are designed to satisfy rigorous reliability
requirements. The power supply module features hot backup and it is available in both -48
VDC and 220 VAC. The DC power supply module adopts 1+1 redundancy, where two 48
VDC units can provide power at the same time. The AC power supply module adopts 2+1
redundancy to improve reliability.
Figure 6 shows the AC power supply module.
Figure 6 AC Power Supply Module

Figure 7 shows the DC power supply module.

Figure 7 DC Power Supply Module
2.5 Interface Module

The interface module of ZXR10 T160G/T64G 10G MPLS Switches refers to the line
interface card. The currently available line cards include: FE electrical interface board, GE
interface board, 10G Ethernet optical interface board, POS 155M optical interface board,
and protocol processing board. ZXR10 T160G/T64G 10G MPLS Switches use swappable
optical transceivers in all optical interfaces of line cards. Therefore, one line card supports
multiple transmission media and transmission distances, and some line cards even provide
different types of ports, which reduces the number of extra line cards in many cases and
minimizes users’ investments. In addition, all the subscriber electrical interfaces in line
cards have cable diagnostic function that can check the connection of the connected cable
and locate the short circuit or open circuit in the cable with accuracy of one meter.
2.5.1 44+4 FE Interface Board

The 44+4 FE electrical interface board provides 44 FE interfaces and four GE electrical
interfaces, that is, 48 Ethernet electrical interfaces in total. The 44 FE electrical interfaces
support 10/100 auto-sensing, and the four GE electrical interfaces support 10/100/1000
auto-sensing. Packets received from the FE and GE interfaces get to PP through PHY and
MAC, and they are forwarded by PP according to their MAC addresses and IP addresses. If
the destination port is in the current board, PP directly forwards the packets to the port. If
the destination port is not in the current board, it forwards the packets to the uplink interface
of the current board. After being switched on the main control board, the packets are
forwarded to the port on the target board. All the operations are performed at wire speed.
Additionally, the board can add a powerful coprocessor to implement packet processing
from L2 to L7 to satisfy the complex applications in practice. Figure 8 shows the operation
principles, where the dashed line refers to an optional configuration.
CP
High-speed
44 x 100M
RJ45 PHY XAUI interface
electrical interface
...
High-speed
RJ45 PHY PP XAUI interface
4 x GE electrical
interface RJ45 PHY
Figure 8 Operation Principles of the 44+4 FE Electrical Interface
Figure 9 shows the 44+4 FE electrical interface board panel.

Figure 9 44+4 FE Electrical Interface Board Panel
2.5.2 12-Port GE Interface Board

The 12-port GE optical interface board provides 12 GE optical interfaces, four of which
also support optical/electrical auto-sensing. Packets received from the GE interfaces get to
PP through PHY and MAC, and they are forwarded by PP according to their MAC
addresses and IP addresses. If the destination port is in the current board, PP directly
forwards the packets to the port. If the destination port is not in the current board, it
forwards the packets to the uplink interface of the current board. After being switched on
the main control board, the packets are forwarded to the port on the target board. All the
operations are performed at wire speed. Additionally, the board can add a powerful
coprocessor to implement packet processing from L2 to L7 to satisfy the complex
applications in practice. Figure 10 shows the operation principles, where the dashed line
refers to an optional configuration.
CP
High-speed
12 x GE optical
SFP PHY XAUI interface
interface
...
High-speed
SFP PHY PP
XAUI interface
4 x GE electrical
interface RJ45 PHY
Figure 10 Operation Principles of the 12-port GE Optical Interface Board
Figure 11 12-port GE Optical Interface Board Panel

12-port GE optical interface board uses pluggable SFP optical transceivers, with each port
supporting the four common distances of gigabit Ethernet networks, as shown in Table 2
below.
Table 2 Specifications of the 12-port GE Optical Interface Board
Port Type Specifications
LC connector. 50 or 62.5 125mm multi-mode fiber. Wavelength: 850nm. Max. transmission
SX (SFP- distance: 500m.
M500)
Transmission power: -9.5dBm~-4dBm. Receive sensitivity: <-18dBm.
LC connector. 8 or 9 125mm single-mode fiber. Wavelength: 1310nm. Max. transmission
LX (SFP-
distance: 10km.
S10K)
LH (SFP- distance: 40km
S40K)
Transmission power: -4dBm~0dBm. Receive sensitivity: <-22dBm.
LH (SFP- distance: 80km
S80K)
Transmission power: 0dBm~5dBm. Receive sensitivity: <-22dBm.
RJ45 connector. Category-5 UTP cables
10/100/1000B Max. transmission distance: 100m
ASE-TX Half duplex/Full duplex
MDI/MDIX

2.5.3 24-Port GE Optical Interface Board

The 24-port GE optical interface board provides 24 GE optical interfaces, four of which
also support optical/electrical auto-sensing. Packets received from the GE interfaces get to
PP through PHY and MAC, and they are forwarded by PP according to their MAC
operations are performed at wire speed. Figure 12 shows the operation principles.
High-speed
24 x FE optical SFP PHY XAUI interface
...
interface High-speed
SFP PHY PP
XAUI interface
4 x GE electrical
interface RJ45 PHY
Figure 12 Operation Principles of the 24-port GE Optical Interface Board
Figure 13 24-port GE Optical Interface Board Panel

24-port GE optical interface board uses pluggable SFP optical transceivers, with each port
supporting the four common distances of gigabit Ethernet networks, as shown in Table 3 .
Table 3 Specifications of the 24-port GE Optical Interface Board
LC connector. 50 or 62.5 125mm multi-mode fiber. Wavelength: 850nm. Max.
SX (SFP-M500) transmission distance: 500m
Transmission power: -9.5dBm~-4dBm. Receive sensitivity: <-18dBm
LC connector. 8 or 9 125mm single-mode fiber. Wavelength: 1310nm. Max.
LX (SFP-S10K) transmission distance: 10km
LH (SFP-S40K) transmission distance: 40km
Transmission power: 100m
10/100/1000BASE-TX
Half duplex/Full duplex
MDI/MDIX
2.5.4 12-Port GE Interface Board

The 12-port GE electrical interface board provides 12 GE electrical interfaces, four of
which also support optical/electrical auto-sensing. Packets received from the GE interfaces
get to PP through PHY and MAC, and they are forwarded by PP according to their MAC

operations are performed at wire speed. Additionally, the board can add a powerful
coprocessor to implement packet processing from L2 to L7 to satisfy the complex
applications in practice. Figure 14 hows the operation principles, where the dashed line
refers to an optional configuration.
CP
High-speed
12 x GE electrical
interface ... High-speed

RJ45 PHY PP
XAUI interface
4 x GE optical
interface
SFP PHY
Figure 14 Operation Principles of the 12-port GE Electrical Interface Board
Figure 15 12-port GE Electrical Interface Board Panel

All interfaces on the 12-port GE electrical interface board supports RJ45 interface, four of
which uses pluggable SFP optical transceivers and support the four common distances of
gigabit Ethernet networks, as shown in Table 4
Table 4 Specifications of the 12-port GE Electrical Interface Board
Max. transmission distance: 100m
10/100/1000BASE-TX
MDI/MDIX
Transmission power: -4dBm~0dBm. Receive sensitivity: <-22dBm
Transmission power: 0dBm~5dBm. Receive sensitivity: <-22dBm
2.5.5 24-Port GE Electrical Interface Board

The 24-port GE electrical interface board provides 24 GE electrical interfaces, four of
which also support optical/electrical auto-sensing. Packets received from the GE interfaces
get to PP through PHY and MAC, and they are forwarded by PP according to their MAC

operations are performed at wire speed. Figure 16 hows the operation principles.
High-speed
24 x GE electrical
...
High-speed
interface RJ45 PHY PP
XAUI interface
4 x GE optical
interface SFP PHY
Figure 16 Operation Principles of the 24-port GE Electrical Interface Board
Figure 17 24-port GE Electrical Interface Board Panel

All interfaces on the 24-port GE electrical interface board supports RJ45 electrical
interfaces, four of which uses pluggable SFP optical transceivers and support the four
common distances of gigabit Ethernet networks, as shown in Table 5
Table 5 Specifications of the 24-port GE Electrical Interface Board
10/100/1000BASE-TX
MDI/MDIX
2.5.6 1-Port 10G Ethernet Optical Interface Board

The single-port 10G Ethernet optical interface board provides one 10G Ethernet interface
with XENPAK connector. Packets received from the 10G Ethernet interfaces get to PP
through PHY and MAC, and they are forwarded by PP according to their MAC addresses
and IP addresses. If the destination port is in the current board, PP directly forwards the
packets to the port. If the destination port is not in the current board, it forwards the packets
to the uplink interface of the current board. After being switched on the main control board,

the packets are forwarded to the port on the target board. All the operations are performed
at wire speed. In addition, the board can also use a coprocessor to implement packet
processing from L2 to L7 to satisfy complex applications in practice. Figure 18 hows the
operation principles, where the dashed line refers to an optional configuration.
CP
High-speed
XAUI interface
10G Ethernet High-speed
XENPAK PHY PP
optical interface XAUI interface
Figure 18 Operation Principles of the Single-port 10G Ethernet Optical Interface Board
Figure 19 Single-port 10G Ethernet Optical Interface Board Panel

The single-port 10G Ethernet optical interface board uses a hot-swappable XENPAK
optical transceiver, which supports multiple transmission distance requirements, as shown
in Table 6 .
Table 6 Specifications of the Single-port 10G Ethernet Optical Interface Board
SC connector. 8 or 9 125mm single-mode fiber. Wavelength: 1310nm. Max.
LR (XENPAK-S10K)
transmission distance: 10km
LH (XENPAK-S40K)
2.5.7 2-Port 10G Ethernet Optical Interface Board

The 2-port 10G Ethernet optical interface board provides two 10G Ethernet interfaces with
XENPAK connectors. Packets received from the 10G Ethernet interfaces get to PP through
PHY and MAC, and they are forwarded by PP according to their MAC addresses and IP
addresses. If the destination port is in the current board, PP directly forwards the packets to
the port. If the destination port is not in the current board, it forwards the packets to the
uplink interface of the current board. After being switched on the main control board, the
packets are forwarded to the port on the target board. All the operations are performed at
wire speed. Figure 20 shows the operation principles.
High-speed
XAUI interface
10G Ethernet
XENPAK PHY
optical interface High-speed
10G Ethernet
PP XAUI interface
XENPAK PHY
optical interface
Figure 20 Operation Principles of the 2-port 10G Ethernet Optical Interface Board

Figure 21 2-port 10G Ethernet Optical Interface Board Panel

The 2-port 10G Ethernet optical interface board uses a hot-swappable XENPAK optical
transceiver, which supports multiple transmission distance requirements, as shown in Table
7
Table 7 Specifications of the 2-port 10G Ethernet Optical Interface Board
LR (XENPAK-S10K)
LH (XENPAK-S40K)
2.5.8 POS+GE Optical Interface Board

The POS+GE optical interface board has 12 optical interfaces altogether, among which four
are POS 155M interfaces and eight are GE interfaces. Four of the interfaces support
optical/electrical auto-sensing. Packets received from the POS 155M interfaces are changed
into Ethernet packets when they go through FPGA. They then get to PP with the packets
received from the other eight GE interfaces through PHY and MAC, and all packets are
forwarded by PP according to their MAC addresses and IP addresses. If the destination port
is in the current board, PP directly forwards the packets to the port. If the destination port is
not in the current board, it forwards the packets to the uplink interface of the current board.
After being switched on the main control board, the packets are forwarded to the port on the
target board. All the operations are performed at wire speed. Additionally, the board can
add a powerful coprocessor to implement packet processing from L2 to L7 to satisfy the
complex applications in practice. Figure 22shows the operation principles.
FPGA CP
4 x POS 155M High-speed
optical interface SFP PHY XAUI interface
8 x GE optical High-speed
SFP PHY PP XAUI interface
interface
4 x GE electrical
RJ45 PHY
interface
Figure 22 Operation Principles of the POS+GE Optical Interface Board
Figure 23 POS+GE Optical Interface Board Panel

POS+GE optical interface board uses pluggable SFP optical transceivers, with each GE
interface supporting the four common distances of gigabit Ethernet networks and each POS
interface supporting the three usually used distances, as shown in Table 8 .
Table 8 Specifications of the POS+GE Optical Interface Board


LC connector. 50 or 62.5 125mm multi-mode fiber. Wavelength: 1.25G/850nm. Max.
LC connector. 8 or 9 125mm single-mode fiber. Wavelength: 1.25G/1310nm. Max.
10/100/1000BASE-TX
MDI/MDIX
LC connector. 50 or 62.5 125mm multi-mode fiber. Wavelength: 155M/1310nm.
FX (SFP-M2K) Max. transmission distance: 2km
Transmission power: -19dBm~-14dBm. Receive sensitivity: <-30dBm.
LC connector. 8 or 9 125mm single-mode fiber. Wavelength: 155M/1310nm. Max.
FX (SFP-S15K) transmission distance: 15km
Transmission power: -14dBm~-8dBm. Receive sensitivity: <-31dBm.
LC connector. 8 or 9 125mm single-mode fiber. Wavelength: 155M/1310nm. Max.
FXb (SFP-S40K) transmission distance: 40km
Transmission power: -4dBm~0dBm. Receive sensitivity: <-37dBm
2.5.9 Protocol Processing Unit

The protocol processing unit is used to implement some network functions that are
complicated but do not have high performance requirements. It mainly depends on the NP
to complete operations. When the protocol processing unit receives a packet sent from a
line card through the switching network, it process the packet according to the related
protocol, such as substituting the relevant contents in the packet and the source or
destination address, and then it sends the packet to the corresponding port, as shown in
Figure 24.
High-speed
XAUI interface
10G High-speed
NP XAUI interface
SERDES
Figure 24 Operation Principles of the Protocol Processing Unit

The protocol processing unit has no interface, so its panel is not introduced.
2.5.10 Others
The system has a ventilation system, which is composed of six fans with six LEDs
indicating their status. Solid on means a fan is operating normally and solid off means a fan
fails.

3 S OFTWARE ARCHITECTURE
3.1 Overview
ZXR10 XG series multi-layer switches, 10G MPLS Ethernet routing switches, provide L2
switching, L3 routing, multi-service, wire speed switching, and QoS. Their system software
implements management, control and data forwarding for the system. The basic job
contains system starting, system configuration management, operation of protocols,
maintenance of tables, chip switchover setting and status control, software forwarding for
some special packets.
3.1.1 Operation Support Subsystem

It is to drive and encapsulate the lower layer hardware to support the upper layer software
system. It is mainly to support the operation of the hardware by allocating operational
resources for the hardware and hardware associated interface for the upper layer software.
This subsystem provides system support, system control, version load control, BSP and SSP
via the ROS platform of ZXR10. The system support can be further divided into
management modules over the operation system kernel, process scheduling, process
communication, timer, and memory. Figure 25 illustrates the Operation Support Subsystem.
Operation Support Subsystem
System control
Process
communication
Timer Version load
management
Process
scheduling
Memory
management
System support
VxWorks system kernel
BSP SSP
Hardware
Figure 25 Architecture of the Operation Support Subsystem
3.1.2 MUX Subsystem

The MUX Subsystem implements the exchange between the driver and upper layer
software, and monitors and surveys the switchover chip and the software table of the micro-
code. This subsystem is to distribute, monitor and survey the data. Once the MUX layer
receives packets from the driver module, it distributes the packets by their types according
to the ETHER TYPES field in the MAC frame. The distribution also encapsulates the
delivery function of the driver for the upper layer modules to invoke. When the upper layer
modules send packets or protocol packets, they need to invoke the delivery function of the
MUX. The monitor and statistical function is to provide statistics on the status of the drive

layer, physical layer and the MUX layer, to monitor the access to the register and sniffer of
packets, and to provide interface functions for the OAM modules.
3.1.3 L2 Subsystem
It is to implement configuration management for the link layer (management layer), L2
protocol process (control layer), and data forwarding (data layer or the service layer). The
functional modules are illustrated as follows:
IGMP
STP LACP GVRP Snooping
L2 protocol module
Port
MAC VLAN Port Mirror
Parameters
L2 management module
L2 software forwarding L2 hardware forwarding
L2 switch module
Figure 26 Architecture of the L2 Subsystem
3.1.4 L3 Subsystem
Based on its software layers, this subsystem can be categorized into service control layer
and data forwarding layer. The service control layer contains the TCP/IP protocol stack and
IP forwarding support subsystem. The TCP/IP protocol stack consists of the support
protocol and the routing protocol. The support protocol implements the basic protocols in
the Ipv4 protocol family, provides services for the dynamic routing protocols, and acts as
the carrier of the network management and system supervision. As the service provider of
the upper layer application entities of the routing system, it is made up of IP, ARP, ICMP,
IGMP, TCP, UDP and Telnet protocol entities. The routing protocol is to produce dynamic
routes for unicast protocols like RIP, OSPF or BGP, and multicast protocols like IGMP,
PIM-SM, MSDP or MBGP. The routing protocol also contains LDP, VRRP, and RSVP
related upper layer protocols. The IP forwarding support subsystem functions to add, delete,
modify the forwarding table and associated policies, to create and maintain indices, to
propagate and synchronize the forwarding table, and to exchange data between the CPU and
the switch chip. The IP forwarding layer is to input, forward and output the data in
accordance with the policies, clauses and the routing table produced at the IP service
control layer.

VPN management
MPLS system
system
ACL, NAT, QoS,
VRRP routing policies
Unicast system Multicast system
IP service control layer
Clauses Forwarding table Policy table
Output process
Input process
Forward
process
IP data forwarding layer
Figure 27 Architecture of the L3 Subsystem
3.1.5 Network Management and O&M Subsystem

The foreground NM and O&M subsystem is to implement SNMP agent via TCP/IP, and to
implement management via the executor of lower layer supervised entities. The background
NMS communicates with the foreground NMS via the network, and manages the
foreground system to isolate the management network and the transmission network.
3.2 Fully Distributed Service Processing

ZXR10 T160G and T64G distribute service process among line cards for a collaboration.
Comparing to the centralized processing, the benefits are obvious. The centralized
processing put the service process on the central processing card, from which the line card
can only receive passively the commands. This easily leads to single-point fault, and the
capabilities of the central process board restricts the processing power from great volume
data processing. Distributed processing provides reliable and stable processing for large
volume of data without the deficiencies of the centralized processing. Now all high-end
equipment adopts distributed processing in various degrees. ZXR10 T160G and T64G use
powerful ASIC chips on their line cards to forward Layers 2, 3 and 4 packets at wire speed
without the assistance of the central processing board.
The line card provides expanded assisting processor to handle complicated services that is
beyond the capability of some packet processor, such as NAT, context exchange, and
broadband access.
3.3 Architecture of Layers

3.3.1 Link Layer Protocol Software
Ethernet-II, IEEE802.2, IEEE802.3, and IEEE802.1Q are supported over the Ethernet
interfaces, and PPP and MPPP are supported over the POS interfaces.
3.3.2 Network Layer Protocol Software

The network layer protocol supports only the IP, not L3 protocols such as IPX, AppleTalk.

3.3.3 Upper Layer Protocol Software
The L3 protocols function to:
• Support TCP an UDP.
• Support RIPv1/v2, OSPF, IS-IS and BGP unicast routing protocols.
• Support IGMP, DVMRP, PIM-SM, PIM-DM and MSDP multicast routing protocols.
• Support NAT, TELNET, FTP and TFTP application protocols.
• Support VPN applications: MPLS VPN and MPLS-TE.
3.4 Functional Module

To implement protocols of layers previously mentioned, the software constructed by
functional modules, as shown in Figure 28.
Multicast routing
MPLS protocol
Unicast routing
subsystem
subsystem
Application
subsystem
subsystem
Security subsystem
SNMP subsystem
Alarm statistics
IP support protocol
Maintenance
management
Monitor
subsystem
L2 protocol subsystem
Software forwarding support system
ROS (operating system)
SSP switching and micro-code subsystem

(ASIC chip and micro-code data forwarding)
Figure 28 ZXR10 XG software architecture
3.4.1 ROS
The operating system ROS is a single-processor, multi-task, real-time operating system. It
is the core for software architecture of the routing switch. It is responsible to manage the

hardware architecture of the entire routing switch, providing a uniform operation platform
for the applications of the software system.
Design Requirements
The ROS is designed for the following requirements:
High reliability for long-term stable operation of the Internet backbone network.
Realtime for data synchronization between large-scale dynamic routing protocol, network
management protocol, and multi-processor.
Self-healing for fault recovery and equipment switchover in the case of exception. The
system shall be able to detect, process, and record system exceptions.
Maintainability for necessary retrieval and recording of usage and calls of the kernel
resources and system services.
Simplicity for providing only necessary system services to the applications and shielding
unnecessary system services.
Encapsulation to totally mask the hardware features for independence of the application
layer of the hardware; to totally encapsulate the kernel resources and system services of the
third-party’s real-time operating system so as to provide a uniform and transplantable
software platform to applications of various processors.
Overall Design
Based on the VxWorks kernel, single-processor based process scheduling, process
synchronization, memory management, and timing management shall be implemented.
Kernel functions such as communications between processes of the same CPU and between
processes of multi-processor shall also be provided for a reliable, efficient and stable
services for the upper layer.
Process Management
The process management submodule creates, schedules and synchronize user’s processes
via the task management interface provided by the VxWorks context. Due to a small
number of the user’s processes in the system, the context is used to encapsulate all user
processes at the task level, and the kernel is used to create, schedule and synchronize user’s
processes. Dynamic process creation is not supported. Private processes, user’s processes
not registered at their modules, can not use the timer management and communication
module of the module. They are scheduled by the kernel and they communicate via the
message mechanism of the context with self-management.
According to the location of the target process, communication between processes can be
between processes of the same CPU or between processes of different CPUs, however, they
all take advantage of the message mechanism provided by the kernel. The communication
between processes of different CPUs occurs via 100M Ethernet interfaces on boards. Inter-
board communications depend on TCP connections and communications between processes
depend on priority-based messages. This module provides 4 priorities. With different
algorithms, such as priority identification, weighted priority, different messages are not
modified into multiple priority queues (A message queue is classified into 4 priorities.
Messages are accepted or rejected in accordance with their priorities through dynamic
monitor to the queue length).
The process communication submodule can implement inter-equipment and intra-
equipment communication through asynchronous message mode. Two suspending
mechanisms are provided for the delivery of messages: Suspension with timeout and no
suspension.
Timer and Clock Management

Every process can set multiple timers to trigger timing services and timeout processes. The
timer can be a relative one or an absolute one. The relative timer can be divided into single-
time timer and cyclic timer. According to whether the duration of the timer is configurable
or not, timers can be categorized into named timers and unnamed timers. For the named
timer, you can modify its duration online through the OAM configuration program. In
addition, ROS also supports timers to add a random delay.
Timers adopt timeout appending queue. The actual given time is segmented, and the
corresponding queue index is described in the timer control block. Thus, the inserted delay
can be a constant. It is unnecessary to check the inserting position in the queue every time
you set a new timer, rather, it is appended to the end of the queue. For the timer greater than
999.9 s and the absolute timer, single-queue management is adopted.
Memory Management
Buffers are important resources for the system. To make the best use of the limited memory
resources and to restrict the memory fragments to the minimum, the requirements of the
application layer for buffers are processed differently in the module design. When the
required buffers are larger than 8192 minus the memory block of the buffer description
header, the buffers are to be obtained from the 8 ROS-designated buffers, 64, 128, 256, 512,
1024, 2048, 4096 and 8192. Other requirements for large memory are fulfilled with the
stack management block of the ROS. Buffers of each size are managed through a different
queue. The function interface to apply for or return the buffer is also provided. The buffer
queue is a simple cyclic queue. An idle block is obtained from the head of the queue for the
application, and it is returned to the end of the queue. As the buffer queue is for the
application and return of each task, it is necessary to perform the mutual exclusion control.
Each buffer has a Memory Control Block (MCB), where the records the queue that the
buffer is subject to and the flag that the buffer is taken up or not are kept. When applying
for or returning a pointer, the MCB can also prevent illegal memory being returned to the
queue. It will check simple errors on memory cross-boundary, and invoke the designated
hook process to handle the situation accordingly. In the debugging version, the board with
the MMU can use it to monitor memory cross-boundary.
In the module, the stack management encapsulates the VxWorks memory allocation
function rather simply. The space for the stack is determined at the operation time. The
space of the high end of the physical memory, minus the space from the designated memory
block to the highest end space occupied by the system, will be created as a MEM for
VxWorks. It will be treated as a block. Statistics and memory cross-boundary checks will
be provided for memory allocation and release to/from blocks.
System Control
The system control model functions to:
1. Implement power-on competition between the active and standby MCCs, send
POEERON messages to the corresponding processes in the designated order to awake
them to complete the orderly startup, and start the corresponding processes in order
over the link card.
2. Accept commands, trigger faults, and switch over between the standby and the active
on key triggers (only happens to the MCC, instead of the line card). The switchover is
designed for the reliability of the system. In case faults occur on the active board, the
standby board can take its place for an uninterrupted service. The system control
module is to control the switchover at the software layer by notifying other modules to
handle it accordingly for normal operation of the software system.
3. Maintain the rack diagram on the MCC dynamically. The rack diagram is updated and
refreshed during the operation of the switch. The information contains the operation

status of the rack, that is, information on the boards and ports. When a board is
plugged or unplugged, or a port is up or down, the MCC will process accordingly.
4. Once the MCC receives the message from the process management module, the MCC
starts the timeout timer. After the system control process receives the message from the
timer, it starts to count dots on the interface, stops the counting when synchronization
is completed, and displays a welcome message.
5. To function as follows, start a number of timers with different durations:
• Process monitor: The control process starts the timer periodically to monitor the status
of all processes in the system. When a process is suspended, the prompt information
will be printed in the debug version, and the board will be reset in the release version.
• Clear the WatchDog. The WatchDog is adopted to prevent exceptions occurring to the
board. The software can set the time WDG_TIME. If the WatchDog is not cleared
within this time, it will reset the board. Clearing the WatchDog is implemented by the
control process periodically. If the system control process does not clear the
WatchDog due to its suspension or other reasons, the board will be reset.
• Synchronization of the primary and secondary clocks: To keep the consistency of the
primary and the secondary clocks, the active board starts the timer periodically to
synchronize the current time to the standby board. When the system time is reset on
the active board, the time on the standby board is also modified.
• System operation indicator/panel indicator control: System operation indicators show
the operation status of the system, while panel indicators show the running state of the
boards. The system control process periodically turns on or off the indicators with the
drive functions provided by the BSP to indicate the operation, alarm control and port
status.
• Statistical information: The information consists of resources of the system, and the
states of all processes in the system. Contents of the statistics: Memory size, memory
and COU utilization, operation time of the system, ROS-encapsulated process number
in the system. Parameters of the process: Stack size, scheduled times, CPU using time
and preemption times, and information on the synchronization/asynchronization
message queues.
Version File Loading
For the operation efficiency of the system, the version file loading should reduce its CPU
utilization to the minimum. All compressed files are decompressed on the MCC, so that the
line card CPU needs not decompress the version file when it receives the file from the MCC
via FTP. This is a static version file loading.
First, the MCC download the version file to the local Flash from a specific FTP server via
the network. The local file system adopts the DOS system. When the MCC is in operation,
BOOTROM automatically loads the version file. After the MCC version is in normal
operation, the MCC depresses the version file, puts it in the RADDISK, and creates a FTP
SERVER for a FTP connection. The FTP connection is attempted periodically before the
version file is obtained from the MCC and BOOTROM of the other board. Once the MCC
is in normal operation, the version file is tried to get here.
This version file loading ensures the same version file on both the active and standby
boards. Version updating is simpler and remote version file updating is also available.

3.4.2 SSP Switching Subsystem
The SSP switching subsystem works for the Ethernet exchange chips in the system. It is to
complete hardware initialization and configuration, collection of status and statistics, and
packet exchange between the CPU and the exchange chip. Its functions are as follows:
• Lower layer I/O operations, including direct and indirect read&write to the registry
and the memory.
• Initialization:
• DMA operations, packet exchange between the CPU and the exchange chip
• Port operation, including port configuration, port mirror, port trunk, port rate shaping,
BC/MC/DLF rate restriction and port block.
• VLAN operations, including the addition, deletion and update of VLANs
• L2 MAC table operations, including the addition, deletion, update and aging of the
MAC table
• L3 Routing operations, including the setting and deletion of the precise matching
forwarding table, and the addition and deletion of the longest prefix matching table
• ACL configuration to help to implement QoS
• COS and DSCP to help to implement QoS
• Spanning tree configuration
• LED Operations
• MIB statistics
The forwarding core of the Ethernet routing switch is Ethernet ASIC chip, through which
the Layers 2 and 3 services, ACL and QoS functions of ZXR10 XG series routers are all
implemented after the right configurations. The SSP switching subsystem ensures accurate
and sensible forwarding by configuring the chip attributes in the right way, which is key to
the software of ZXR10 XG.
3.4.3 Coprocessor Software Subsystem

In ZXR10 XG, packets are forwarded at two places: either over the ASIC chip or over the
coprocessor.
The coprocessor system is used to process at wire speed some complicacies that is beyond
the power of the packet processor, such as NAT, context exchange, and broadband access
control.
The micro-code exchange subsystem is designed to adhere to the high efficiencies of ZTE
products. It abstracts and integrates the potential service features with the philosophy of
hierarchical model to provide a forwarding system compatible with various services and is
easily expanded, and to thoroughly shake off the implementation mode that requires special
processing constantly. In this way, the forwarding system can forward services more
efficiently while reducing unnecessary redundant codes. This makes a good foundation
for the expansion and maintenance.
3.4.4 Software Forwarding Support Subsystem

It is a bridge to switch all forwarding table, clause table and policy table as required by the
SSP or NP. It is also responsible to add, delete and update. This subsystem also processes
the data that are beyond the capability of the Ethernet packet processor or the coprocessor,

such as IP packets with options, errors on the IP header. In multicast forwarding, the IP
forwarding support module is responsible to collect the multicast forwarding data of the
link card for the multicast routing protocol to process.
In the NAT service, this subsystem should also maintain the address translation table. In
addition, for the packet with the IP address that can not be handled by some network
processor, the IP forwarding support module should also translate the address.
In broadband access applications, the subsystem is responsible for the authentication,
examination, management and accounting, as well as the maintenance of the access control
information on the Ethernet ASIC chip users or network processor users.
3.4.5 L2 Management and Protocol Subsystem

MAC Address Management Module
In ZXR10 XG, all forwarding tables are closely related to the MAC address, therefore, the
MAC management module is the most basic yet the most important functional module for
the Ethernet switch by maintaining MAC address learning and synchronization. The module
can also perform the following management:
• MAC address binding: Bind a specific MAC address to the port of the switch. The
binding disables further dynamic address learning of the MAC address to limit the
physical location of the user and to protect important MAC addresses.
• MAC address filter: The switch will discard the packet with its destination or source
MAC address a given MAC address to filter out some unwelcome users.
• MAC address number limit: Restrict the number of the MAC addresses of some ports
to control the number of users. It is also for protection to prevent thorough resource
consumption when the ports have suffered from DOS attacks.
• MAC address freezing: In a stable network, freeze some important physical ports, such
as the address of the uplink port, to prevent network interruption by counterfeiting
MAC addresses.
• Multiple MAC address perspectives: Provide statistics from a number of perspectives
to show the VLAN table dynamically or statically, such as the VLAN and the port, for
a network diagnosis or network stability maintenance.
Basic VLAN Modules
The VLAN protocol is a basic protocol for L2 switching equipment. It enables the network
administrator to partition one physical LAN into several virtual LANs. Each VLAN has a
VLAN ID to uniquely identify a VLAN. These VLANs share the switching equipment and
links of the physical LAN.
Each VLAN appears as an independent LAN logically. All frame stream of one VLAN is
restricted within the VLAN. The inter-VLAN access can only be implemented via L3
forwarding, instead of direct access. In this way, the network performance is greatly
improved and the overall steam is effectively reduced in the physical LAN.
VLANs functions to reduce the broadcast storm over the network, hence strengthening
network security and centralized control.
XG series switches support 802.1Q VLAN. For the untagged packet, the system will tag the
packet based on the subnet, protocol or port for rich VLAN feature support.
In the 802.1Q VLAN, a VLAN is expressed with 12 bit number. This restricts the number
of VLANs within 4096, thus, some actual applications. XG series switches make some

expansion in 4 ways. Three of them are QinQ, PVLAN and VLAN translation, and the
other is L3 related Super VLAN.
QinQ Module
QinQ, multi-layer VLAN tag stacking, is an intuitional name for the tunnel protocol
encapsulated with 802.1 Q. The core idea is to encapsulate the VLAN tag of the private
network to the public VLAN tag. The packet traverses the backbone network with dual tags,
thus providing a simpler L2 VPN tunnel for users. The QinQ protocol is simple and easy to
manage. It needs no support of the protocol packet. A static configuration settles all,
therefore, it is especially useful for the convergence layer switches. They can effectively
extend the number of VLANs in the MAN with the support of the QinQ technology.
Now the IEEE is focusing on the specifications for the VLAN stacking, 802.1ad-Provider
Bridge. The external VLAN is defined as Service VLAN - SVLAN. These are still at the
draft stage.
The QinQ functional module in the XG series software system just configures QinQ
statically before configuring the chip. There are two types of VLANs in the context of QinQ:
SVLAN (Service VLAN): VLANs defined over the backbone network.
CVLAN (Customers VLAN): User-defined VLANs.
The software QinQ functional module provides an attribute in the VLAN table to identify
this VLAN a SVLAN or CVLAN. The associated QinQ function for the chip can be set
through the lower layer driving interface function.
PVLAN Module
When all servers are in the same subnet, and they can only communicate with their default
gateways, this new VLAN feature is of private VLAN. In the context of private VLAN, the
switch port can be Isolated port, Community port or Promiscuous port. Each of them
corresponds to a VLAN type: The Isolated port is subject to the Isolated PVLAN, and the
Community port to Community PVLAN. The Primary VLAN represents a Private VLAN.
The Isolated and the Community VLANs can be bind together, so can the Promiscuous port.
In an Isolated PVLAN, the Isolated port can only communicate with the Promiscuous port
with no exchange of stream. In a Community PVLAN, the Community port can either
communicate or exchange steams with the Promiscuous port. The Promiscuous port can be
connected to the router or L3 switch. It can forward its received traffic stream to either
Isolated port or the Community port.
The application of PVLAN is effective to ensure the security of the communication of the
access network. Users only need to attach to their default gateways. A single PVLAN
provides secure connections as the L2 does with no multiple VLANs and IP subnets. All
users are accessed to the PVLAN to connects to the default gateway with no access to any
other user within the PVLAN. The PVLAN ensures no communication between ports of the
same VLAN, but is capable of trunk port penetration. In this way, users within the same
VLAN will not affected by the broadcast.
The PVLAN does not need the support of the protocol packet. A static configuration on the
ZXR10 XG settles all.
VLAN Translation Module
VLAN translation is a functional extension of the VLAN. If a port of the switch enables
VLAN translation, the packets flowing through this port should be tagged packet. VLAN
translation searches in the MAC – VLAN table with the port number plus VID of the tagged
packet as the index to get a new VID. Then the data stream is switched within the new
VLAN. Hence, the translation from one VLAN to another is implemented.

VLAN translation itself needs no support of the protocol packet. It can be implemented
through static configuration. Note that the VLAN cannot be partitioned on the MAC
address basis one VLAN translation is enabled, and vice versa.
Super VLAN Module
The Super VLAN can locate the hosts attached to a same physical equipment but subject to
different virtual broadcast domains in the Ipv4 subnet with the same default gateway. In a
large-scale switching LAN, this mechanism has many advantages compared with the
traditional Ipv4 addressing system. Most of all, it still adopts the address space utilization of
the Ipv4 system.
The Super VLAN enables re-partition of the VLAN with the concepts of Super VLAN and
sub-virtual network. One or multiple sub-virtual networks can belong to one Super VLAN
with the default gateway IP address of the Super VLAN.
Super VLAN is purely software function. It is transparent to the ASIC chip and data are
switched according to the VLAN configuration in the software module. The PVLAN does
not need the support of the protocol packet. A static configuration on the ZXR10 XG settles
all.
Spanning Tree Protocol (STP) Functional Module
STP is to detect loops between L2 switching functional units and remove them as well as
provide a redundancy link to improve the performance and reliability of LANs.
The STP module provides the following two functions of:
• Preventing the broadcast storm of LAN caused by the network loop, and providing a
backup redundancy path.
• Detecting the change of the topology structure and configuring a new spanning tree
topology according to this change.
The STP algorithm executed on the switch in a subnet will help to form a dynamic topology
of a spanning tree, which can ensure that no loop exists between any two workstations
within an LAN to prevent the broadcast storm from occurring. This algorithm can monitor
the change of the topology structure and help to establish a new spanning tree according to
its change. It can offer the switch a certain error tolerance capability to reconfigure the
topology structure of the spanning tree. Then the switch will monitor and update the MAC
route table according to the status of the dynamic topology structure of the spanning tree to
finally implement the routing on the MAC layer.
The purpose of spanning tree algorithm is to let the switch dynamically find a loop-free
subset (tree) with the topological structure and ensure an adequate connectivity. In this way,
if two LANs have the physical connection, the corresponding spanning tree path is
generated. Every line patterns including nodes or connecting nodes has one spanning tree,
which guarantees the destination connectivity and that no cycling is generated. Therefore,
the spanning tree algorithm and protocol can prevent the network cycling issues occurring
in any dynamic topology structure and remove the loop between two working stations.
The multiple spanning tree protocol (SMTP) defined by IEEE802.1s is compatible with the
RSTP protocol defined in IEEE802.1w and the common STP protocol defined in
IEEE802.1D, therefore only the multiple spanning tree protocol (MSTP) needs to be
implemented by the STP software module. The RSTP or STP can be enabled forcibly when
enabling the MSTP protocol, so the combination using of STP and RSTP can be supported.
The functions of enabling STP on the aggregation link and on the port are supported.
The ZXR10 XG series supports STP, RSTP, MSTP as well as the hybrid networking of
these three.
Link Aggregation Module

Link aggregation means that physical links with the same transmission media and
transmission rate are bound together, making them look like one link logically. The link
aggregation allows parallel physical links between the switches or between the switch and
the server to increase the bandwidth in multiples and simultaneously. So, this technology is
quite important in increasing link bandwidth and creating transmission elasticity and
redundancy. The link aggregation technology can be used to create a connection of
multigigabit in the Gigabit Ethernet network and to create a logical link with a higher
transmission rate in the fast Ethernet network. The link aggregation technology serves a
good protection purpose. If some links in a group of aggregation link are faulty, the
communication on them will be switched to the normal link rapidly.
The ZXR10 XG series implements the link aggregation protocol (LACP) defined in
IEEE802.3ad and supports the link aggregation on the ports of the fast Ethernet network
and 10G Ethernet network and 10G port as well as the inter-board link aggregation.
Port Mirroring Module
The port mirroring function enables the traffic on one port to be copied to another port so
that the network administrator can perform a real-time flow analysis for diagnosing network
faults. This is a means for the network administrator for monitoring the network. Every port
of the ZXR10 XG series can be configured as a mirroring port. And it supports the
mirroring between ports of different rates and from multiple ports to a mirroring port, cross-
line card port mirroring as well as simultaneous mirroring of multiple mirroring groups.
IGMP Snooping Module
IGMP Snooping is to maintain the corresponding relationship between the multicast
addresses and VLANs by snooping the IGMP packet communicated between users and
routers. It maps the members in one multicast group in one VLAN and forwarded the
received data packet only to the VALN corresponded to this multicast group. Same as
IGMP, IGMP Snooping is also used to manage and control the multicast group. And both of
them use the IGMP packet. Their difference is that IGMP runs on the network layer while
IGMP Snooping runs on the link layer. When the switch receives the IGMP packet, IGMP
Snooping will analyze the information carried in the IGMP packet and establish and
maintain the MAC multicast address table on L2.
If ZXR10 XG series has enabled IGMP Snooping, the multicast packets will be multicast
on layer 2, while if ZXR10 XG series has not enabled IGMP Snooping, the multicast
packets will be broadcasted on layer 2.
802.1X Module
802.1X, a Client/Server-based access control and authentication protocol, authorizes users
to access the system services via this port by giving them authentication so that the
unauthorized data transmission between users and services provided by the system are
inhibited.
With the 802.1X access control, only the EAPOL frame is firstly allowed to pass the port,
and other data can pass this port only after being authenticated.
With 802.1X, of the access nodes of the authenticator system to LAN, two logical ports are
generated: controlled port and uncontrolled port. The uncontrolled port can exchange PDU
with other systems freely no matter whether the port is authorized or not, while the
controlled port exchanges PDU with other systems only when the port is authorized. PAE is
the entity of algorithm and protocol related to the authentication mechanism. PAE of the
requester is responsible for giving response to the request from the PAE of the authenticator
by providing the authentication messages. PAE of the authenticator is to communicate with
that of the requester and submit the messages received from the PAE of the requester to the
authentication server. Then the authentication server will verify these messages to
determine whether authorize the requester to access the authenticator. PAE of the

authenticator controls the port authorization according to the authentication result. PAE of
the authenticator exchanges its EAPOL protocol with that of the requester via the
uncontrolled port and communicates with the RADIUS authentication server with EAPOR.
This 802.1X module functions to:
• Support the functions of the authenticator
• Support the local authentication mode
• Support the PAE of the authenticator to exchange protocols with that of the requester
via an uncontrolled port.
• Support the operation to the controlled port with the AuthControlledPortControl
parameters ForceUnauthorized, Auto and ForceAuthorized.
• Support the operation to the controlled port with the parameters of
AdminControlledDirections and OperControlledDirextions.
• Support the periodical reauthentication to the requester with the reauthentication timer.
• Support the transparent transmission of the 802.1x authentication packets when the
authentication is disabled.
3.4.6 IP Supporting Protocol Subsystem

The IP supporting protocol subsystem includes the following modules:
6. IP basic protocol module
This functions of module include the IP/ICMP/ARP protocol processing and the routing
table management.
The functions of IP protocol processing includes: IP data packets transmitting on the
network layer, error control, IP options provision, TOS, fragment reassembly and security
service. The IP module can support local delivery and route forwarding of the IP packets to
implement encapsulation and distribution of the upper layer protocols.
The ARP protocol is for the conversion between the IP address and the MAC address. The
ARP packet is directly encapsulated with the link frame and it is tightly combined with IP.
The MAC addresses corresponding to the IP addresses can be obtained through the ARP
packet mechanism.
The ICMP protocol is responsible for controlling information or forwarding the faulty
information. Encapsulated with an IP packet and tightly combined with the IP layer, the
ICMP packet is a necessary part to be implemented by IP. The functions of this protocol
includes: receive the ICMP error packets and submit them to an appropriate network layer
for handling, give response to the ICMP request packet , make an ICMP packet and send it
upon the request of the IP layer or the transmission layer.
IP routing table management includes maintaining the routing table maintenance, providing
the operation interfaces for generating, update and deletion of the routing table and for route
checking on the IP layer.
1. TCP protocol processing module. The TCP processing module processes the TCP
data packets from the IP module and sends the protocol data packets such as TELNET
and BGP to the corresponding processing modules.
2. UDP processing module. The UDP processing module processes the UDP data
packets from the IP module and sends data packets such as RIP, SNMP and DHCP in
it to the corresponding processing module.

VRRP
By offering a set of detection and election mechanism, the VRRP fulfills the route backup
function during a multi-access LAN. It mainly backs up the gateway equipment in the
LAN to maintain the network system’s continuous service of the access hosts. In other
words, it backs ups the next hop equipment of the access hosts. The simple detection and
election mechanism provided by VRRP enables a rapid backup switchover in case of
equipment fault in 3~5 seconds, which can meet the requirements of service continuity and
has no special requirements for the access host.
Due to the limitation of the VRRP working mechanism, all cooperating equipments in one
VRRP backup group must be in the same VLAN, that is, not needing to span a network
bridge. Similarly, in the common VLAN networking, the equipments in a backup group
must be in the same VLAN but multiple VRRP backup groups can exist in one VLAN.
Unicast Routing Subsystem
As the origin of the unicast routing forwarding table of the ZXR10 XG series, the unicast
routing protocol subsystem forms an IP unicast routing table through the information
interaction with other routers in the system and collecting the network topology information.
Then it notifies the routing table information to the IP forwarding layer for the ZXR10 XG
series to forward the unicast IP packet.
The unicast routing subsystem is internally composed of the following modules, as shown
in Figure 29 .
OSPF module BGP module RIP module IS-IS module
Unicast protocol interactive module
Figure 29 Block Diagram of the Unicast Routing Protocol Subsystem
• Support RIPV1/V2, clear text authentication and MD5 authentication as well as the
route reallocation.
• Support DEBUG protocol.
• Support the display commands and configuration commands from the primary console
as well as the commands, displays and MIB variable related with SNMP.
• Support the authentication to the routing protocol packets including the simple
password authentication and MD5 authentication to prevent the routing protocol
packed from being altered illegally.
• Support multiple distance measurement criteria, such as physical distance, delay and
throughput efficiency.
• Support the functions of STUB AREA and NSSA.
• Support the area border router or the border router of the autonomous system.
• Support the classless routing and route aggregation.
• Control the route redistribution and route filtering through the RouteMap route
mapping.
• Support the address aggregation on L1 and L2.
• Support the hierarchical routing modes of L1 and L2 as well as the ATT designer.

• Support three area addresses and smooth area address transition.
• Support the balancing load to the same destination.
• Support the clear text authentication to interfaces and areas.
• Support EBGP and IBGP.
• Support EBGP multi-hop technology.
• Support the community attribute and the router reflector.
• Support AS alliance and routing oscillation suppression.
• Support MP-BGP.
• Support MD5 authentication and the route filtering.
• Support the route reallocation.
3.4.7 Multicast Routing Subsystem

The IP multicast routing technology enables the high-speed point-to-multi-point data
transmission in the IP network. As it can efficiently save the network bandwidth and
decrease the network load, this technology is widely used in terms of resource search,
multi-media conference, data copy, real-time data transmission, game and simulation. The
multicast routing protocol can be divided into the intra-domain protocol and the inter-
domain protocol. The inter-domain protocols include MBGP and MSDP, while the intra-
domain protocols include PIM-SM, PIM-DM and DVMRP. The intra-domain protocols
falls into two categories: multicast routing protocol in sparse mode such as PIM-SM and the
multicast routing protocol in dense mode such as PIM-DM and DVMRP. Currently PIM-
SM is put into the most use.
PIM-SM distributes the multicast data packet by constructing a rendezvous point tree to
through the mechanism of joining displayed by the signal sink of the multicast. The signal
sink can be switched to the shortest path tree if some conditions are met. Although PIM-SM
checks RPF with the unicast routing table, it is irrelevant with the unicast routing protocol.
PIM-SM is more suitable for the multicast network where there are latent multicast group
members at the end of the WAN link. In addition, it allows to use SPT, reducing the
network delay caused by the rendezvous point tree use and improving efficiency. So PIM-
SM is a best choice of the multicast routing protocols in the multicast network.
Operating above TCP, the multicast source discovery protocol (MSDP) provides to PIM-
SM the information on the multicast source out of the PIM domain. With MSDP, RPs in
every PIM-SM domain can share the information on the activity source. Every RP is
knowledgeable of the receivers in its local domain. Upon receiving the activity source
information, RP in the remote domain will transmit this information to these receivers. Thus,
the multicast data packet can be forwarded between domains.
By fully supporting PIM-SM and MSDP, the ZXR10 XG series can provide a complete
multicast solution.
3.4.8 MPLS Protocol Subsystem

Basic Principle of MPLS
As a multi-layer switching technology, MPLS integrates layer-2 switching technology and
layer-3 routing technology, and employs labels for converging and forwarding information.
Running under the route hierarchy, it supports multiple upper-layer protocols and can be
implemented on multiple physical platforms.

Label switching can be visually explained with the zip code of a letter. In a certain mode,
the zip code encodes the destination address of a letter and some special requirements (such
as QoS, CoS and management information), and helps to handle the letter more rapidly and
efficiently, thus speeding up the routing process for the letter to arrive at the destination.
The basic idea of label switching is label distribution, that is, bind the label and the network
layer route.
The basic routing mode of MPLS is hop-by-hop routing, allowing a forwarding mechanism
simpler than that of the data packet, so as to achieve more rapid routing. As the universal
method of label distribution and universal routing protocol apply to multiple types of media
(such as packet, cell and frame), MPLS supports efficient and all-purpose explicit routes
(such as QoS routes) and the universal traffic engineering method, as well as other
operation methods. As the core protocol, Label Distribution Protocol (LDP) is combined
with the standard network layer routing protocol, distributes label information among
equipments of the MPLS network, and employs the connectionless working mode. MPLS
may employ the connection-oriented working mode as well. That is, it employs the
signaling protocols to establish explicit routes for the multimedia services that require a
long period and QoS support. In addition, MPLS can employ the working mode that
enables resource reservation but establishes connection inexplicitly. That is, it employs the
protocols of RSVP and RSVP-LSP-TUNNEL mainly for traffic engineering. Besides,
CRLDP, the extended protocol of LDP implements the explicit routes of some paths.
The operating principles of MPLS network are as shown in Figure 30. The figure shows
that the core structure of a MPLS network is composed of Label Edge Switch Router (LER)
and Label Switch Router (LSR). Label information is distributed between LER and LSR
as well as between LSRs via LDP. The network routing information comes from some
common routing protocols such as OSPF. The Label Switching Path (LSP) is established
according to the routing information. When the packet enters LER, the ingress LER will
search the routing table according to the input packet header to specify the LSP to the
destination, then add the corresponding LSP label that has been searched out to the packet
header, and output the packet to the path with the label ID. However, the network node will
be forwarded in the label switching mode simply according to the packet label, without
searching the routing table, while the egress LER will forward the packet to the destination
in a certain rule.
LDP
IP routing processing
LSR LSR
Ingress LDP LDP

Egress
LER LER
3 6 8
In Out In Out In Out In Out
3 3 6 6 8 8
Figure 30 MPLS Operating Principles

As shown in Fig. 3-7, the MPLS header contains 2-bit labels, 3-bit EXP (presently it is
CoS), 1-bit S used to identify whether this label is at the lowest bottom layer and 8-bit TTL-
Time To Live.

Label 32 bits
L2 header MPLS header IP header Data
Figure 31 MPLS Header Structure
MPLS determines whether to forward according to the label. Label is a fixed-length ID of

20-bit and has the local effect only on one hop of link. What the label identifies is a group
of packets in the forwarding equivalent classification (FEC). The group of packets may be
all packets reaching the same destination address prefix or the packets with the similar QOS
requirements. Packets in the same FEC are forwarded through the same forwarding strategy.
When a unlabelled packet enters a MPLS domain, LSR on the edge will analyze the
destination address carried in the header and allocate this packet to a certain FEC as
required by QoS and then tag a corresponding FEC label to it before forwarding it to the
next hop. The middle LSR maintains a mapping relationship table of incoming labels,
outgoing labels and forwarding directions. When it receives a labeled packet, it will take the
incoming label carried by it as an index to find its corresponding outgoing label and
forwarding direction in the mapping relationship table, and then replace this incoming label
with a valid outgoing label before sending it to the next hop. Before leaving the edge LSR
of this MPLS domain, the label will be removed and the restored unlabelled packet will be
sent to the next hop.
During the forwarding process, the label can also be handled in the form of stack. The value
of the label at the top of the label stack is valid and LSR will forward packets according to
it. After entering a MPLS domain, a packet will put a label at the top of the label stack so
that the stack depth is increased by 1. LSR in this domain only checks and replaces this
label rather than any others in the stack. Upon leaving this domain, the stack depth will be
restored to original. For an unlabelled packet, the label stack can be regarded to be empty,
and adding label to it during its first time to enter the MPLS network environment can be
regarded as stacking operation. Thus, MPLS can easily implements the network hierarchy.
The depth of the label stack indicates the layer of the network: If a packet passes tunnel or a
MPLS network at a lower layer, the stack depth will increase, vice versa.
Presently the ZXR10-XG series can provide a complete MPLS protocol, which functions to:
• Support LDP and RSTP.
• Support decreasing of TTL value, loop detection, strategy management and the
popping –up of the second hop counted from back.
• Support the downstream autonomous label distribution mode and free label holding
mode.
• Support the rapid rerouting as well as the establishment of CR-LSP and RSVP-LSP.
L3 VPN of MPLS

Client edge VRF table

VRF table
equipment
Backbone routing switch VPN1
VPN1
CE
CE
PE
PE P VPN2
VPN2
Backbone edge CE
CE
routing switch
Figure 32 Basic Model of BGP MPLS VPN

As shown in Figure 32, a basic BGP/MPLS VPN network is composed of CE router, PE
router and P router. CE, as the edge equipment of client, refers to the routers or switches
connected to the network of carriers. The VPN function is provided by the PE router, while
the P router and the CE router have no special requirement for VPN configuration.
To isolate route of one VPN from those of the public internet or other VPNs, the PE router
provides an isolated virtual routing forwarding (VRF) function to every VPN and generates
a VRF table for every VPN connected with a CE router. Clients or sites in this VPN can
only access the VRF table in this VPN.
During the BGP/MPLS VPN network construction, MP-BGP must be ran on every PE
router (MP-BGP must be ran between PE routers in MPLS VPN) for the learning and
announcing of VPN routes between PEs. MP-BGP inherits the feature of BGP that the BGP
routes are announced by the mode of full connection between peers running IGMP within a
same route domain. In the case that there is a large number of PEs, severe n exponential
issues and extendibility problem will come out. To avoid these problems, route reflector can
be used.
For the two sites in different ASs in a same VPN, the corresponding PE router will forward
the VPN-IPv4 routes through the EBGP connection rather than through the IBGP. The
specific methods include: back-to-back VRF method, distributing labeled VPN-Ipv4 routes
from one autonomous system to another and distributing the VPN-Ipv4 routes with Multi-
hop EBGP.
The ZXR10 XG series supports a perfect MPLS L3 VPN function, address overlapping,
accesses of CE static route, RIP, OSPF and BGP, BGP extension attribute, ability
negotiation and route refresh and VRF binding on interface and in VLAN.
L2 VPN of MPLS
Generally L2 VPN of MPLS falls into two categories: One is virtual private wire service
(VPWS), which is to enable communications between nodes in VPN in point-to-point
connection mode. This mode is mostly used by users in ATM or FR connection. The
connection between users and network providers are fixed but the encapsulated services
will be transmitted on the IP backbone provided byte network providers. The second is
Virtual Private LAN Service (VPLS), by simulating a LAN SWITCH or a bridge, the
carrier connects all LANs of users to be one simple bridged LAN. The difference between
VPLS and VPWS is that VPWS only provides point-to-point service, while VPLS provides
the point-to-multi-point service. CE in VPWS will send data to a user node along a virtual
line, while CE in VPLS will only send data to all the destinations to its connected PE.

Network of carriers
Site 1 in Site 2 in VPN

VPN of users of users
VC connection
between CE and PE LSP between PEs
Figure 33 Basic Model of VPWS

The direct method to create L2 VPN is to establish a VC connection between CE and PE.
MPLS LSP is used to bear these connections in network of carriers, as shown in Figure 33.
In addition, MPLS flow project can be adopted to meet the QoS requirement of users. It is
quite a large workload to configure PVC between CE and PE and the MPLS LSP for
bearing and an over occupation of LSR resources will decrease the network extensibility.
Taking this extendibility issue into account, the Martini scheme recommends to establish a
fixed amount of MPLS LSP between PE and the network equipment. When VC bear
service between CE and PE needs to come across the network, it will enter the point-to-
point sub-channel (pseudo line) in MPLSLSP. In other words, this LSP can be regarded as
the bear channel for multiple VCs. This is similar with the relationship between VC and VP
in the ATM network. The relevant IETF scheme defines the signaling for establishing the
sub-channels and the encapsulation format for forwarding ATM, FR and Ethernet data
packet through the sub-channel. Although this method saves the network resource (such as
LSP amount), all the sub-channels need to be established manually when creating a large-
scale MPLS VPN, leading to a large configuration workload.
Virtual Private LAN Service (VPLS) is a VPN that can link multiple sites in a single bridge
domain on the IP/MPLS network managed by carriers. Wherever the client sites is located
in VPLS, they are regarded to be in one LAN. VPLS enables the client to accessing network
through the Ethernet interface so that the border of LAN/WAN is simplified and the
services can be provided rapidly and flexibly. In VPLS, the client can fully maneuver the
routes and the IP address project is simplified for all routers of clients in VPLS are in the
same LAN. Its advantages are more obvious comparing with the mesh composing of point-
to-point links. A less complexity of the VPLS service is also beneficial to carriers.
In Figure 34, CE1, CE2 and CE3 are located in VPLS A. They are interconnected via a
packet switching network (here is MPLS network). Every PE has the VPLS capability and a
full-meshed VC connection is established between them. For the communication between
CE1 and CE3, CE1 will firstly learn the MAC address of CE3 based on the data flow. In
addition, on PE1 there should have two layers of labels of PE3. One is the packet switching
label of the external layer, the other is the VC label of an internal layer. Upon receiving the
MAC frame to go to CE3, PE1 will search the labels on the internal layer and the external
layer according to the information of MAC address and VCID and then transmit them after
adding them in the data frame. After reaching PE3, only the label on the internal layer is left.
PE3 gets the port of PE3 connecting CE3 according to this left label and the MAC address,
through which this left label is transmitted and then the data will reach CE3. Thus the
communication between CE1 and CE3 is finished. All the operations are based on the fact
that there are two layers. The routing configuration of users is autonomous without being
involved by carriers so that the management of carriers to the user services is greatly
simplified.

CE1 PE1 PE2 CE2

PE2 CE2
Si BACKBONE Si
NETWORK
VPLS A
VPLS A VPLS A
PE3
PE3
Si
VPLS A
CE3
CE3
Figure 34 Basic Model of VPLS

ZXR10 XG series supports VPWS of Martini scheme, extended LDP and establishes
different LSP channels according to service types. It also supports Ethernet encapsulation
and VLAN encapsulation as well as the VPLS extended on the basis of LDP.
3.4.9 Application Sub-system

Hereby the application subsystem is applied to the upper three layers of the OSI reference
model. Specifically it includes applications of FTP/TFTP, TELNET, DHCP and NAT.
Compared with the bottom four layers, they are the application layers , serving for other
software subsystems actually. FTP/TFTP are for the file system of the router and can
receive the file copying command issued by the operation & maintenance subsystem. Both
of them require the functions of the server and the client. The Server end receives
connection of other clients and indices as well as transmit files. The client end is to transmit
the version files by communicating with hosts (routers) with a server function.
TELNET is for the operation & maintenance sub-system so that the router maintenance
personnel can manage routers through it. Both TELNET and FTP use the primitive
provided by the bottom layer TCP to receive and send packets. While TFTP uses the UDP
at the bottom layer to receive and send packets.
DHCP
DHCP is to manage IP addresses and other related configuration information on the
network in a unified manner in order to reduce the complexity of address configuration
management. When using DHCP in the network, the client and server should be in the
same broadcast domain and ZXR10 XG series should provide the DHCP SERVER function.
There is another case that the DHCP server and users are not in the same broadcast domain
and the client gets an address through the ZXR10 XG, which is called DHCP trunk in
technological term.
ZXR10 XG series implements the built-in DHCP SERVER function and the dynamic
address allocation and management to the DHCP CLIENT and provides the corresponding
service management interfaces to DHCP CLIENT for the user management module on the
destination machine system. It implements the transparent interaction between DHCP
CLIENT and DHCP SERVER, dynamic address allocation and management to the DHCP
CLIENT and provides the corresponding service management interfaces to DHCP CLIENT
for the user management module on the target machine system through the DHCP RELAY
AGENT extension of the DHCP protocol.

NAT
NAT is of three types: static NAT, dynamic unreusable NAT and dynamic reusable NAT.
Under the static NAT mode, the internal private IP address and the external public IP
address are static one-to-one relationship so that the host of a private IP address can
communicate with the outside network by using the corresponding public IP address. Under
the dynamic unreusable mode, the external public IP address pool technology is adopted.
When an internal host needs to access the external host, it can get one external IP address
from the public IP address pool.
After the communication is finished, the IP address will be returned to the IP address pool.
But a public address allocated to one internal host cannot be reallocated to the other internal
hosts in the case of communications between internal hosts. Different from the former
dynamic unreusable mode, under the dynamic reusable NAT (NAPT) mode, a public IP
address can be allocated to several internal hosts simultaneously. The communication
mapping is implemented through the combination of IP address and port No. (port No. for
TCP and UDP, while it is ID No. within the packet for the ICMP packet). This mapping
mode is a SOCKET layer-based mapping, allowing multiple internal hosts to communicate
with the outside network by using external addresses less than number of hosts.
ZXR10 XG series supports the NAT function and the above three address conversion
methods, multiple ALGs such as FTP, H323 and RSTP, port redirection function and meet
the requirements of multiple public network interfaces and private network interfaces. It can
meet the requirements of multiple private network interfaces and public network interfaces.
By combining with the strategy route, different ISPs pass different egresses after NAT.
Multiple configured NAT boards dynamically share the load of the NAT traffic. Once one
NAT board is faulty, another one will immediately replace it, enabling the service can be
restored in a short period.
3.4.10 Statistical Alarm Subsystem

The statistical alarm subsystem is another function to be implemented by ZXR10 XG series.
It interworks with all the other software subsystems. This system receives the statistical
alarm configuration information sent from the maintenance management subsystem. After
receiving the related statistical alarm information from the other software subsystems, it
decides what to do based on the configuration information and the alarm level. For example,
it may log the alarm information according to the file operation primitive provided by the
ROS, notify all the maintenance terminals displaying the alarms, or send the alarms to the
designated destination addresses over IP through the IP routing subsystem. At the same
time, it keeps a copy of all the statistical information and provides a querying interface for
the maintenance management subsystem.
3.4.11 Security Subsystem

Ideally, user-level virus detection is adopted against network viruses, which requires users
to install the patches and anti-virus software. In many cases, however, where users fail to do
so, the switches are required of network-level virus detection and alarming.
In addition, it is necessary for the switches to provide enhanced self-protection capabilities
against malicious attacks that may cause the switches or even the whole network to crash.
The ZXR10 XG series implements network-based security protection capabilities, where
security detection is performed on all modules instead of a special IDS module.
The security subsystem of the ZXR10 XG series functions to:
• Detect viruses (like “SQL Worm”, “Red Code” and “Worm.Blaster”) that cause burst
network traffic, and send alarms or close user ports
• Prevent user ARP spoofing

• Prevent from MAC address flood by limiting the number of MAC addresses on a port
• Set broadcast packet threshold on a port
• Filter L2, L3 and L4 packets with hybrid ACL
• Filter routes
• Disable ICMP redistribution to prevent dummy ICMP packet attacks
• Prevent DoS attacks
3.4.12 Maintenance Management Subsystem

While a routing switch is running, you need monitor it and the whole network in real time
and configure & manage the routers and the network. This gives right to the need of a user
interface with perfect functions and easy operation. This series adopts the general command
line interface of the industry. The command line can implement user mode, privileged mode
and configuration mode for router configuration and fault management.
The maintenance management subsystem receives the user commands sent over Telnet,
interprets the commands and checks their validity, produces execution IDs based on the
interpretation result, and then passes the IDs to the command execution subsystem for
execution. While the commands are executed, the subsystem calls the database module to
save the command configurations.
Generally, the maintenance management subsystem consists of three modules, command
interpretation, command execution and database.
3.4.13 SNMP Subsystem

The SNMP subsystem implements SNMP agent. It supports all the SNMP agent operations
provisioned in SNMP V1/V2c/V3.
The SNMPv1 operations include:
• get-request
• get-next-request
• get-response
• set-request
• trap
• The SNMPv2 operations include:
• get-request
• get-next-request
• get-bulk-request response
• set-request
• inform-request
• snmpV2-trap
The description of Management Information Base (MIB) is defined in SMIv1 and SMIv2.
A MIB consists of:
• Management objects supported by the core routers

• Management objects of the routing protocols
• Management objects of the network management protocols
• Management objects of the TCP/IP support protocols
• Management objects of the high-speed network interfaces
• Management objects of important data and configuration parameters
• Management objects compatible with SMIv1
• System configuration parameters
• Management objects of the other protocols
The subagent functions are implemented by the corresponding software subsystems.
3.4.14 Monitoring Subsystem

The monitoring subsystem of the ZXR10 XG series implements on-line detection of the
boards and ports. The on-line detection for a board falls into the following processes based
on the loop test functions available with different chips of the board:
• Loop test for internal data bus: Tests the connection of the internal data bus.
• Intra-chip self-loop: Tests the main chips on the board.
• Line self-loop: Tests the data transmission on the line.
3.4.15 IPv6 Subsystem

ZXR10 XG series fully supports IPv6, and supports IPv4, dual-stack operation and
conversion between IPv4 and IPv6. For the detailed technical information, refer to ZTE
IPv6 Technical Specifications.

4 ACL FUNCTION
4.1 Overview
The popularization of network applications and the Internet, though greatly improving the
production and operation efficiency for enterprises, has its negative influence in terms of
data security, how to ensure that staff are using the Internet for work purpose only, and so
on. How to manage a network in an effective manner and to minimize its negative influence
has become an important subject confront the network administrators.
Financing Internal servers
Marketing R&D
Figure 35 Enterprise Networking

Figure 35 shows an Intranet with the following network management requirements: First,
some crucial resources on the network shall be protected against unauthorized internal users.
For example, users in Vlan5 (the marketing network segment) are not allowed to access the
internal servers in Vlan2, and only a few officers in Vlan6 (the R&D network segment)
have access to the resources in Vlan4 (the financing network segment). Second, the staff of
the enterprise shall be limited in the available Internet resources. For example, staff in
Vlan5 has access to all the Web sites on the Internet, while the staff in Vlan6 can only
access the Web sites related to R&D. How can a network be designed to meet both
requirements? The answer is to apply the network access limit and control technology, that
is, Access Control List (ACL). ACL uses packet filtering technology on a router or switch
to read the information in L2, L3 and L4 headers such as source address, destination
address, source port and destination port, and to filter packets according to the predefined
rules. In this way, access control can be achieved. Network nodes fall into two categories,
resource nodes and user nodes. Resource nodes provide services or data, and user nodes
access these services or data. ACL functions to protect resource nodes against unauthorized
accesses as well as restricting the access rights of the specific user nodes.
In the Intranet shown in Figure 35, the network administrator can set up a set of ACLs on
the switch and router to limit the network resources available for the staff and to protect
some special network resources. The subsequent section will elaborate on how to configure
the network as shown in Figure 35 with ZTE Ethernet switch ACL technology to meet
above network management requirements.

4.2 ACL Technology of XG Series Switches

ZXR10 XG series provides powerful hardware-based ACL functions and, as packet
forwarding is not affected, implements full wire speed ACL.
In the Intranet as shown in Figure 35, both the router and switch can be implemented by the
XG series switches.
The ACLs of the XG series switches fall into four categories, standard ACL, extended ACL,
L2 ACL and hybrid ACL. These ACLs are detailed in the subsequent sections (taking the
Intranet shown in Figure 35 as an example).
4.2.1 Standard ACL

A standard ACL only filters L3 IP source addresses. In practice, most ACLs filter packets
based on IP source address, so these ACLs are grouped to a category for easy network
management. For example, in Fig. 4.1, the network administrator only allows Vlan5 users
and a few officers in the other segments (Vlans) access to the Internet resources, while the
other users have no access to the external resources. To do so, he can set up a standard ACL
on the router with the following rules:
rule 1 permit 10.1.5.0 0.0.0.255
rule 2 permit 10.1.6.66 0.0.0.0
rule 3 deny any
Then he can bind the ACL to the router’s Vlan3 interface to allow the staff in the marketing
department (Vlan5) and the officer (with the IP address as 10.1.6.66) of the R&D
department (Vlan6) access to the Internet.
For a department with a few staffs, the administrator can easily allow an individual staff
access to the Internet. In some cases, the administrator may wish to prohibit the R&D staff
access to the Internet during working hours while give them access during after hours. Then
he can set up a time range based ACL. First, create the following time range on the router:
Time-range rd-internet 18:00-8:30, 12:00-14:00
Then, modify the above rule as follows:
rule 1 permit 10.1.5.0 0.0.0.255
rule 2 permit 10.1.6.66 0.0.0.0
rule 3 permit 10.1.6.0 0.0.0.255 time-range rd-internet
rule 4 deny any
He can bind the ACL to the router’s Vlan3 interface to allow the staff in the marketing
department (Vlan5) and the officer (with the IP address as 10.1.6.66) of the R&D
department (Vlan6) access to the Internet at any time, and the other staff of the R&D
department access only during after hours.
The limitation of standard ACLs lies in that they only filter source IP addresses. In the cases
where the administrator wish to limit the Web sites and TCP ports available for the staff,
other categories of ACLs are needed.
4.2.2 Extended ACL

An extended ACL filters the fields in IP, TCP, UDP and ICMP headers. An IP header
consists of the following fields: Source IP Address, Destination IP Address, Protocol No.,
ToS, Precedence, Dscp and Fragment. A TCP header consists of Source Port, Destination
Port and Established fields. A UDP header consists of Source Port and Destination Port
fields. A ICMP header consists of Type and Code fields. By filtering multiple fields in L3
and L4 headers, extended ACLs can fit into more complex network management
requirements and classify flows in better granularity.

For example, in Figure 35, the administrator can prohibit the staff in the marketing
department access to the resources of the financing department. To do so, he can set up an
extended ACL on the switch with the following rules:
rule 1 deny ip 10.1.5.0 0.0.0.255 10.1.4.0 0.0.0.255
rule 2 permit ip 10.1.5.0 0.0.0.255 any
Then he can bind the ACL to the switch’s Vlan5 interface to prohibit the staff in the
marketing department access to the resources of the financing department.
In Figure 35, the administrator can also prohibit the staff in the R&D department access to
the internal servers over Telnet. To do so, he can set up an extended ACL on the switch
with the following rules:
rule 1 deny tcp 10.1.6.0 0.0.0.255 10.1.2.0 0.0.0.255 telnet
Then he can bind the ACL to the switch’s Vlan6 interface to prohibit the staff in the R&D
department access to the internal servers over Telnet. The following configurations can
simply prohibit the staff in the R&D department access to the internal servers over Telnet
during after hours. First, create a time range on the switch:
Time-range rd-telnet 18:00-8:30, 12:00-14:00
Modify the above rules as follows:
rule 1 deny tcp 10.1.6.0 0.0.0.255 10.1.2.0 0.0.0.255 telnet time-range rd-telnet
Then bind the ACL to the switch’s Vlan6 interface to prohibit the staff in the R&D
department access to the internal servers over Telnet during after hours.
Extended ACLs filter the ToS, Precedence and Dscp fields in an IP header, so they can be
applied to QoS traffic classification to provide differentiated QoS guarantee for different
categories of traffic. For QoS related information, refer to the subsequent chapter.
4.2.3 L2 ACL
L2 ACLs filter the fields in L2 headers such as Source MAC, Destination MAC, Ethernet
Protocol Type, VLAN Tag and VLAN Priority. L2 ACLs are applied to access control
within a network segment. In the case of IP address irrelevancy or non-IP protocols,
filtering L2 MAC address and VLAN Tag can help protect some given network resources.
For example, in Figure 35, part of the computers in the R&D segment are for experiment
purpose and do not have fixed IP addresses. The administrator can allow these computers
access to the internal resources of the R&D segment only, instead of any other Intranet
resources. To do so, he can set up a L2 ACL on the switch with the following rules:
rule 1 deny ip ingress 00d0.d0c1.12e3 0000.0000.0000 any
rule 2 deny ip ingress 00d0.d0c1.12e4 0000.0000.0000 any
rule 2 permit ip ingress any egress any
Then he can bind the ACL to the switch’s interface for the R&D department to allow the
two experiment hosts (with the MAC addresses as 00d0.d0c1.12e3 and 00d0.d0c1.12e4)
access only the internal resources on the R&D segment instead of any other resources on
the Intranet.
In addition, the administrator can define an active time range for the L2 ACL like what he
did for a standard or extended ACL. Up to 100 L2 ACLs can be set up in the system, each
of which can include up to 128 rules.

4.2.4 Hybrid ACL
Hybrid ACLs filter L2, L3 and L4 headers. The fields in a L2 header are VLAN Tag,
Source MAC Address and Destination MAC Address; the fields in a L3 header are Source
IP Address, Destination IP Address and IP No.; the fields in a L4 header are Source Port
and Destination Port. Bringing together the features of extended ACLs and L2 ACLs,
hybrid ACLs improve the controllable access to network resources with IP-MAC binding.
For example, in Figure 35, the IP addresses of the internal servers are uneditable. Assume
there are three servers on the Intranet: 10.1.2.10 is available every Monday, Wednesday and
Friday, 10.1.2.12 is available every Tuesday, Thursday and Saturday, and 10.1.2.14 is
available every day. First, create the following time ranges on the switch:
Time-range server1 Monday, Wednesday, Friday
Time-range server1 Tuesday, Thursday, Saturday
Set up a hybrid ACL on the switch with the following rules:
rule 1 permit ingress 00d0.d0c1.12fe 0000.0000.0000 egress any ip 10.1.2.10 0.0.0.0 any time-
range server1
rule 2 permit ingress 00d0.d0c1.12de 0000.0000.0000 egress any ip 10.1.2.12 0.0.0.0 any time-
range server2
rule 3 permit ingress 00d0.d0c1.12f5 0000.0000.0000 egress any ip 10.1.2.14 0.0.0.0 any
rule 4 deny ingress any egress any ip any any
Then bind the ACL to Vlan2 interface of the internal server segment so that
00d0.d0c1.12fe:10.1.2.10 will be available every Monday, Wednesday and Friday,
00d0.d0c1.12de:10.1.2.12 will be available every Tuesday, Thursday and Saturday, and
00d0.d0c1.12f5:10.1.2.14 will be available every day

5 QOS TECHNOLOGY
5.1 Introduction
5.1.1 Background
The current Internet provides “best-effort” services. In this mode, all the services are treated
impartially and compete equally for network resources, the router processes all the IP
packets in First Come First Service (FCFS) mode and make best efforts to transmit the IP
packets to the destination. However, it does not guarantee transmission reliability and delay
to the IP packets. This service mode is quite suitable for Email, Ftp and WWW services.
With the rapid development of the Internet, IP services grow fast and become increasingly
diversified. Especially, with the expansion of the multimedia services, computers are not
confined to data processing any more, become closer to life and interact with other more
synchronously and vividly so that they place higher requirements on computer internets.
For applications with special requirements for bandwidth, delay, delay jitter, the current
“best-effort” services is apparently not enough. Although the development of network
technologies greatly increases the network bandwidth and speed, yet data transmitted
through the networks grow almost evenly with the network development, even faster, which
makes the network bandwidth and speed still a bottle-net issue. In addition, some new
applications emerging in recent years (such as multimedia and multicast applications), not
only increase the network traffic, but also change the traffic qualities. So they are in need of
brand-new services. Without QoS, you cannot reserve bandwidth and restrict network delay.
Thus the network cannot support VoIP, video conference and other applications sensitive to
network bandwidth, delay, jitter and loss rate.
5.1.2 Functional Requirements

QoS aims at providing end-to-end service quality control or guarantee for users. QoS refers
to the network units (such as application, host or network devices) that assure their service
stream and requirements satisfied at a specified level. QoS can control all kinds of network
applications and satisfy their requirements, including:
Resources control: restrict the backbone bandwidth occupied by FTP and assign higher
priority to database access.
• Tailorable services: for Internet Service Provider (ISP), its users may transmit voice,
video or other real time services. QoS can help ISP differentiate dissimilar packets and
provide various services.
• Coexistence of diversified demands: guarantee bandwidth and low-delay to time
sensitive media services without the effect of other services using the same network.
• QoS does not create bandwidth, just manage bandwidth according to network status
and requirements of the applications. QoS has a suite of performance parameters,
including:
• Service availability: The reliability of the service connection from users to the Internet.
• Transmission delay: Also called latency, referring to the time interval from packet
transmitting to packet receiving between two reference points.

• Variable delay: Also called jitter, referring to the time difference among packets in a
data flow transmitted over the same route.
• Throughout: The rate at which packets are transmitted through the network, which can
be indicated with the mean rate or peak rate.
• Loss rate: The maximum ratio of lost packets during the packet transmission on the
network. Normally packet loss is caused by network congestion.
To get required QoS from ISP, users have to sign Service Level Agreement (SLA) with
ISPs and ISPs have to sign Traffic Condition Agreement (TCA) among themselves. SLA
specifies which service class and how many service streams in each class ISP should
provide for the client network. TCA specifies some conventions that the data flow between
ISP should satisfy.
When the data flow entering DS, the ingress nodes classify them, condition them and save
status information of the single flow or aggregate flow. Then, based on conventions defined
with users in advance, the data flow experience metering, marking, shaping and dropping to
make them compliant with SLA, in addition to marking DSCP value in the packet header
and adding into corresponding Behavior Aggregate (BA). The egress nodes may also
condition the outgoing flows to make them compliant with TCA of the downstream DS.
To attain the above tasks, network elements in the QoS domain provide the following
functions:
• Packet classification and coloring

• Traffic policing
• Traffic shaping
• Congestion avoidance
• Queue management and scheduling
5.1.3 Service Model

• One method to implement QoS is to assign resources to every data flow in accordance
with requirements of each service class. This method adopts “resource reservation” to
assign bandwidth, which is not suitable for “best-effort” applications. Because of the
limitation of bandwidth resource, designer of QoS introduces the concept of priority so
that the data stream transmission in best-effort mode can be supported after resource
reservation. IP QoS has two basic types:
• Based on resource reservation: according to QoS requirements of a certain service,
assign the network resource and establish the resource management strategy.
Integrated Services (IntServ) that is proposed by Internet Engineering Task Force
(IETF) is based on this strategy with Resource reSerVation Protocol (RSVP) being its
core.
• Based on priority: at the network boundary nodes, classify, shape and mark the service
flow. The core node assigns resource based on the resource management strategy and
gives priority to services requiring higher QoS. Differentiated Services (DiffServ) that
is proposed by IETF is based on this strategy.

• These QoS models are used for a single flow or the aggregate flow. Based on
difference in data flow, IP QoS can be classified into:
• Used for the single flow: The single flow refers to the single and one direction data
flow between receiver and transmitter, which can be sorted by the transfer protocol,
source address, source port number, destination address and destination port number.
• Used for the aggregate flow: The aggregate flow is composed of two or more single
flows. These flows share some common grounds in one or many parameters, tag or
priority level and some authentication information.
• To resolve the IP QoS issue, IETF has put forward several service models and
mechanism, including:
• IntServ/RSVP: Use RSVP to propose Flowspec, establish and remove the traffic flow
status on the transmission path. The host and network nodes establish or retain traffic
flow status. Although RSVP are frequently used in the single flow, it can also be used
in resource reservation of the aggregate flow.
• Differentiated service: In the differentiated service network, the boundary router
classifies users into different levels based on stream profile, and then aggregate them
into the aggregate flow. The aggregate information is stored in Differentiated Services
CodePoint (DSCP) located in the header of the IP packet. The internal nodes provides
different scheduling forward services based on DSCP.
• MultiProtocol Label Switch (MPLS): Based on tags in the packet header, it provides
bandwidth management for flow aggregation through network path control.
• Subnet Bandwidth Management (SBM): It is responsible for the classification and
priority arrangement of OSI L2 (data link layer), exchanging and sharing with the
IEEE 802 network.
Theoretically, the IntServ/RSVP model can fully guarantee providing QoS for the IP
network. However, some experiments on the networks show this service model has
apparent limitation, such as poor scalability, another bigger problem is that it requires the
core network device to retain the status of every single flow passing by, which the core
network device cannot do. Although both main network device manufacturer and host
support the widely accepted RSVP, yet it does not be the mainstream for the following
reasons:
• Poor scalability is the biggest problem facing the IntServ/RSVP model. The flow-
based resource reservation, scheduling processing and buffer management of
IntServ/RSVP model, all attribute to providing QoS. But status information increases
with traffic flow. Routers on the way have to maintain a “soft state” for every data
flow, but the memory capacity of the network device is limited, so is the soft state
information that can be saved, thus the network with one carrier can hardly fulfill this
requirement.
• It places high requirements on the network device. All the network devices in the
network have to support RSVP signally protocol, access control program, classifier
and scheduler.

• RSVP import the concept of per-flow state. For data communication and real time
application communication, IP network plays two different roles at the same time:
connection-oriented and connectionless oriented network. It provides two functions,
which comes into collision with the simple design principle.
• Resource reservation is not suitable for short time flows such as Web flow, however,
in the Internet traffic of the Web flow exceeds 50%.
• In IntServ/RSVP there still exists the contradiction between resource reservation and
routing protocol. From the view point of route, it is a good path. But seen from
resource reservation, a path cannot be established for the data flow due to resources
limitation. Therefore, this process stops there and waits for the upper timeout to
remove this application and reestablish a path.
Therefore, it is hard to fulfill the QoS guarantee of IntServ for it needs flow-based and
complex resource reservation, access control, QoS routing and scheduling mechanism. In
complicated and large-scale networks such as Internet, the link status is uncertain and it is
very hard to reserve bandwidth resource effectively. Moreover, resource reservation itself
comes into collision with the biggest feature of the IP network “connectionless”. Some
more important problems facing IntServ are scalability and robustness. The problems
appear because it is hard to maintain the state consistency of the dynamic, duplicatable
transmission flows in the distributed network environment.
DiffServ features with simplicity, effectiveness and good scalability. To implement
DiffServ, use the aggregation mechanism to aggregate the service stream with same
characteristics, provide services for the entire aggregate flow not the single flow. In other
words, DiffServ network border devices maintain per-flow state, and the core network
device is only responsible for packet forwarding, not for maintaining the state information.
This Core-Stateless structure has strong scalability.
Diff-Serv reduces the workload of signaling, and focuses on the aggregated data flows and
a set of Per Hop Behavior (PHB) applicable to the class of service of the entire network.
We can classify the data flows based on the rules pre-determined, so as to integrate multiple
kinds of application data flows into several definite data flow levels. Boundary nodes
depend on the flow profile and resource reservation information to classify, shape, mark the
service stream and aggregate them into different flow aggregation. The flow aggregation
information is contained in DSCP of the IP packet header. The core network devices serves
flow aggregation when forwarding the IP packets, and provide different forwarding QoS
based on the header of the IP packet. This method of forwarding packets of different types
is called PHB, a relative priority mechanism.
5.2 QoS of ZXR10 XG Series Switches

ZXR10 XG series switches provide complete IP DiffServ QoS support, which is fully
compatible with related standards of IETF DiffServ resolution such as RFC2474, RFC2475,
RFC2497 and RFC2498, taking IP precedence or DSCP as QoS in-band signaling and
supporting DiffServ related functional components including traffic conditioner (such as
classifier, marker, measurement unit, shaper and dropper) and all kinds of PHB (congestion
management and congestion avoidance).
QoS of the Ethernet switch has the following features:
• Packet classification
• Priority marking

• Congestion management
• Congestion avoidance
• Traffic policing
• Traffic shaping
• Physical interface link rate
5.2.1 Packet Classification and Priority Marking

Packet classification refers to classifying packets into different service types or priority
levels. Using the IP priority in the IP packet header to mark the packet, you can classify
them into 8 types at maximum. Using DSCP, you can classify them up to 64 types at
maximum. After the packet classification, you can apply the QoS features to different types
and implement type-based congestion management and traffic shaping.
The network administrator can establish a strategy for packet classification. The strategy
contains in-band signaling such as IP priority or DSCP value of the IP packet and CoS
value of 802.1p, in addition to input address, destination address, Mac address, IP or port
number of the applications. The result of the classification is not limited by the scope. It can
be a flow determined by the five-element group (source address, source port number,
protocol number, destination address, destination port number), or all the packets to a
certain network segment. You can use ACL, especially the extended ACL, to classify the
packets into different types on demands.
You can mark the IP priority or DSCP when classifying the packets on the network border.
Therefore, you can simply use the IP priority or DSCP as the classification standards inside
the network. The queue technology is applied to process packets differently based on its
priority. The downstream network can receive the result of the classification made by the
upstream network, or reclassify the packet traffic based on its own standards.
For example, make the following classification or marks on the network border:
Aggregate all the VOIP packets into the EF service type, mark the IP priority level of the
packets as 5 or DSCP value as EF; aggregate all the VOIP control packets into the AF
service type, mark its IP priority as 4 or DSCP value as AF31.
After the packets are classified and marked on the network border, the intermediate network
nodes can provide differentiated services for traffic of different types based on their marks.
For example, provide traffic policing and guarantee delay and jitter deduction to the EF
service type mentioned above; guarantee some bandwidth to the AF service type in case of
network congestion.
5.2.2 Congestion Management

Generally, the queue technology is adopted for congestion management. By the technology,
the packets are cached into the queue on the router according to certain strategies, then
taken out from the queue and sent out the interface according to certain scheduling
strategies. Based on the input and output queue strategy, congestion management can be
sorted into several types:
1. First In First Out Queuing (FIFO)
Output
Incoming packets Queue scheduling Outgoing packets
Figure 36 Schematic Diagram for FIFO Scheduling

As shown in Figure 36, FIFO does not classify packets. When the packets enter the
interface faster than they leave the interface, FIFO allows packets to enter and leave the
interface in order of precedence.
2. Strict Priority Queuing (SP)
Incoming packets Outgoing packets
Classification
Output scheduling
Queue
Figure 37 Schematic Diagram for SP Scheduling

As shown in Figure 37, SP classifies packets and the classification standards can be CoS of
VLAN, priority or DSCP of the IP packets and multi-element group. In Figure 37, all the
packets are classified into 4 types with each type corresponding to one of the four SP
queues. Then the packets are sent to the corresponding queue based on their types. SP has
four types of queue: high, medium, normal and low. When packets leaves the queue, SP
first allows packets of high queue to leave and to be send, then packets of the medium
queue, and so on. Thus, packets of higher priority queue can be sent first. Packets of low
priority queue such as E-Mail have to wait until all packets of higher priority (such as VOIP)
finish processing when congestion occurs, then these packets of lower priority are handled
during the leisure time after the network finishes processing key services. This method can
ensure the precedence of high priority services and take full advantage of the network
resources.
3. Weighted Round Robin Queuing (WRR)
Outgoing packets
Incoming packets
Classification
Eight queues
WRR scheduling
Queue
Figure 38 Schematic Diagram for WRR Scheduling

As shown in Figure 38, WRR classifies packets into 8 types by conditions such as the CoS
value of VLAN, priority level or DSCP of the IP packet, multi-element group, with each
type corresponding to one of the eight queues of WRR, and then sends packets to its
corresponding queue based on their types. Eight queues of WRR are assigned proportion of
interface bandwidth according to user defined rules. When packets leaves the queue, WRR
takes some amount of packets out from No. 1 to No.8 queue and sends them out the
interface according to defined bandwidth proportion.

4. Deficit Weighted Round Robin Queuing (DWRR)
Outgoing packets
Incoming packets
Classification
Eight queues
DWRR scheduling
Queue
Figure 39 Schematic Diagram for DWRR Scheduling

WRR scheduling is based on packets. DWRR, unlike WRR, allows for the packet length
and is based on bytes so that it further improves the fairness of queue scheduling.
Based on the queue weight, DWRR assigns Quantum values to each queue, determines the
number of bytes that each queue can sent based on the current deficit counter, then decides
on the bandwidth of each queue.
5. Weighted Fair Queuing (WFQ)
Outgoing packets
Incoming packets
Classification
WFQ scheduling
Eight queues WFQ scheduling
Queue
Classification Queue caching Deciding queue weight based on the

based on flow QoS parameters and other factors
Figure 40 Schematic Diagram for WFQ Scheduling

As shown in Figure 40, WFQ classifies the packets by flows. For the IP network, packets
with the same source IP address, destination IP address, source port number, destination
port number, protocol number, IP priority belong to one flow. While for the MPLS network,
packets with the same label and EXP field value belong to one flow. Each flow is assigned
to one queue, remember to assign different flow to different queue. There should be eight
queues at maximum. When packets leaves the queue, WFQ assigns egress bandwidth
occupied by each flow based on the IP priority of the flow. The flow with lower priority
occupies less bandwidth, while flow with higher priority occupies more. Thus it can ensure
fairness between services with same priority and show queue weight among services with
different priority. Suppose that at present, there are eight flows on the interface with their
priority levels respectively being 0, 1, 2, 3, 4, 5, 6, 7, then the total quota of bandwidth
should be the summation of adding 1 to the priority level of each flow, that is, 1 + 2 + 3 + 4
+ 5 + 6 + 7 + 8 = 36. So proportions that each flow occupies should be: its own priority
level + 1/the total quota of bandwidth, and each flow can occupy 1/36, 2/36, 3/36, 4/36,
5/36, 6/36, 7/36, 8/36 of the bandwidth.

Take another example, there are four flows at present, the priority level of three flows is 4
and that of the last one is 5. So the total quota of bandwidth is (4 + 1) * 3 + (5 + 1) = 21.
The three flows with priority level being 4 can occupy 5/21 of the bandwidth and the flow
with priority level being 5 can occupy 6/21 of the bandwidth. Thus it can be seen, WFQ can
show queue weight among services with different priority on the basis of fairness, and the
weight depends on the IP priority carried in the header of the IP packet.
5.2.3 Congestion Avoidance

Due to the limitation of memory resources, a conventional resolution is to drop all the
incoming packets when the length of the queue exceeds the defined maximum queue length.
For TCP packets, the drop of excessive packets may cause TCP timeout, then trigger TCP
slow start and congestion avoidance mechanism to lessen packets to be send. Simultaneous
drop of too many TCP packets may cause several TCP connections triggering the slow start
and congestion avoidance mechanism, which is called the TCP global synchronization.
Then TCP packets sent to the queue becomes less at the same time and the speed of sending
packets to the queue is lower than the line speed, reducing the bandwidth utilization of the
lines. Moreover, traffic of packets send to the queue change within a wide range, which
makes line traffic fluctuate with it.
To avoid this, the queue can adopt a packet dropping strategy called Weighted Random
Early Detection (WRED). When using WRED, users can set up the threshold value of the
queue. If the queue length is smaller than the low threshold value, WRED does not drop
packets; if the queue length is between the low threshold and the high threshold value,
WRED begins to drop packets at random (longer queue is more likely to drop packets); if
the queue length is bigger than the high threshold, WRED drop all the packets.
Because WRED drops packets at random, it can keep away several TCP connections from
decreasing sending speed at the same time, and avoid the TCP global synchronization
phenomenon. When the packets of a TCP connection are dropped and the packet sending
speed slows down, other TCP connections still maintain a relatively high sending speed.
Thus there are always TCP connections sending packets at a relatively high speed and the
line bandwidth utilization is improved.
Directly comparing the queue length with user defined threshold value (absolute length of
the queue threshold defined by users) and dropping packets will treat the burst data flow
unfairly and do harm to data flow transmission. Therefore, take the mean queue length as
the metric for threshold comparison and packet dropping. Mean length is the result of the
queue length after low pass filtering. It is not sensitive to the burst change of the queue
length, reflects the change trend of the queue, and avoid unfair treatment to the burst data
flow.
WRED can perceive the in-band signaling of QoS, including IP priority, DSCP, and set
queue length filter coefficient, queue threshold, drop probability for packets with different
IP priority or DSCP. Thus it can provide different drop features for packets with different
priority levels.
Relationship between WRED and queue mechanism is shown in Figure 41.

WRED dropping
Output scheduling
Classification
Figure 41 Schematic Diagram for Relationship between WRED and Queue Mechanism
When WRED is used with WFQ, we can implement flow-based WRED. That is, at the time
of packet classification, different flows have their own queues. For flows with small traffic,
its queue length is relatively short so it has a low drop probability. But flows with large
traffic have longer queue, drop more packets and protect interest of flows with small traffic.
5.2.4 Traffic Policing

Traffic policing functions to limit the traffic and burst of a connection accessing a network.
The ZXR10 XG series switches support the RFC-defined traffic policing algorithm in
single/double rate color-blind or color aware mode. If the packet meets certain conditions,
for instance, packet traffic of a connection is excessively large, traffic policing will adopt
different methods such as dropping packets or resetting the priority level of the packets to
process. A general method is using Committed Information Rate (CIR) to limit packet
traffic of a type, such as restricting the HTTP packets to no more than 50% of the network
bandwidth.
For ISP, it is quite necessary to control traffic send to the network by users. For the
enterprise network, traffic control on some applications is also a powerful tool to control
network status. The network administrator can use CIR to control traffic.
CIR makes use of the token bucket (TB) to control traffic.
Putting tokens into the

bucket by CIR
Classification
Passing
Dropping
Figure 42 Basic Processing Course of CIR Traffic Control

Figure 42 shows the basic processing course of CIR traffic control. At first, classify packets
by predefined matching rules. If the packets have no specified traffic features, send packets
directly without processing of the token bucket. If the packets need traffic control, send
them into the token bucket for processing. In case that there are adequate tokens in the
token bucket for packets sending, the packets are allowed to pass and be sent. In case that
tokens in the bucket cannot satisfy requirements for packet sending, the packet will be
dropped and packet traffic of a type can be controlled.

The token bucket places tokens into the bucket at the user defined speed. Moreover, user
can set the capacity of the token bucket. When tokens inside the bucket exceeds its capacity,
the number of tokens stop increasing. When the token bucket processes packets, if the token
bucket has enough tokens for packet sending, the packet can pass and be forwarded, and
number of the tokens in the bucket decrease correspondingly. If tokens in the bucket are not
adequate for packet sending, the packets will be dropped.
The token bucket is a good tool for data traffic control. When the token bucket is filled with
tokens, all the packets represented by the tokens in the bucket can be send and burst
transmission is allowed. If there is no tokens in the bucket, packets cannot be send until new
tokens generated in the bucket. Therefore, packet traffic can be restricted for packet traffic
can only equal to or less than the speed of token generating.
In actual application, traffic policing of ZXR10 XG can not only be used for traffic control,
but also for packet marking or re-marking. That is, traffic policing can set or modify the
priority of the IP packet so as to mark the packet.
For example, if the packet conforms to the traffic features, set the priority level of the
packet as 5. If the packet cannot conform to the traffic features, drop them or set their
priority level as 1, then forward them continuously. Therefore, the subsequent processing
can guarantee not to drop packets with priority level being 5. In case of no network
congestion, packet with priority level being 1 can be sent. In case of network congestion,
packets with priority being 1 are dropped first, then packets with priority level being 5 are
dropped.
Traffic policing can set different traffic and mark features for packets of different types, that
is, first classify packets, then provides different traffic and mark features for packets of
different types.
5.2.5 Traffic Shaping

The typical function of traffic shaping is to restrict a network connection’s traffic and burst
outflow, so as to enable this kind of packets to be transmitted outward in evenly speed.
Buffer and token bucket are usually used to implement traffic shaping. When the
transmission speed of packets is too fast, first the packets are cached in the buffer, and then
are transmitted in evenly speed in control of the token bucket.
Traffic shaping (TS) can shape the irregular traffic or the one differentiated from the
scheduled traffic feature, so that the upstream and downstream bandwidth can be a matched.
TS and CIR both adopt the token bucket technology to control traffic. The difference
between them lies in that CIR discards the packets not matching the traffic feature during
traffic control, while TS caches the unmatched packets, instead of discarding them, to meet
the traffic feature of packets.
The basic processing of TS is shown in Figure 43, where the queue for caching packets is
called TS queue.
Saving tokens to
the token bucket at
the specified speed
Classification
TS queue

Figure 43 TS Processing
TS can shape the specified packets stream or all the packets on a given interface. When the
packets arrive, first they are classified, and then they are transmitted without being
processed by the token bucket if no TS processing is required. In the case where TS
processing is required, the packets are compared with the tokens in the token bucket, which
puts tokens into it at the speed specified by the user. If there are enough tokens in token
buckets, then the packets can be directly transmit forward, and the amount of tokens in
token bucket is decreased depending on the length of packets. When the tokens in token
bucket decrease to below the degree for normal packets transmission, then the packets will
be cached into the TS queue. When there are packets in the TS queue, TS extracts packets
from the queue in a predefined period to perform transmission. Each time a packet is sent,
TS checks the number of tokens in the token bucket, until this number decreases to below
the degree for normal packets transmission or these packets are transmitted completely.
5.2.6 Physical Interface Link Rate (LR)

LR can restrict the total rate at which a physical interface transmits packets (including
emergency packets). The processing of LR still adopts token bucket to control traffic. If a
user defines the traffic feature on an interface of a switch by configuring the LR, then first
all the packets transmitted through this interface are processed by the port-based token
bucket. If there are enough tokens in token bucket for packets transmission, then packets
can be transmitted; otherwise, the packets are put to the QoS queues for congestion
management. Thus, the packet traffic flowed through this physical interface can be
restricted.
Similarly, because token bucket is adopted to restrict the traffic, if there are enough tokens
in the token bucket, burst packets traffic can be transmitted. If there is no token, packets can
not be transmitted until there are new tokens generated in token bucket. Thus, the packet
traffic can be restricted to lower than or equal to the speed at which tokens are generated.
This can restrict the traffic as well as permitting the burst traffic.
Compared with the traffic CIR, LR can restrict all the packets flowed through a physical
interface. Because CIR is used for specified stream, it does not take effect for the packets
without CIR configuration.
In sum, ZXR10 XG series switches’ QoS processing is shown in Figure 44:
ASIC MF based classification Congestion management

Queue scheduling
Congestion avoidance
Traffic restriction/shaping
Discarding probability
Traffic policing
Measurement and marking
Queue scheduling
Ingress processing Egress processing
Figure 44 ZXR10 XG Series Switches QoS Processing

5.3 QOS Application

5.3.1 PHB Guarantee of Voice and Video Services
The continuous development of networks give rise to the need of unconventional data
applications, such as Voice over IP (VOIP) and video conference. A single (three-in-one)
network integrating voice, video and data services has become the trend for network
development, which can reduce the network maintenance costs and enhance the competence
of communication carriers. Thus, IP networks must guarantee the delay and delay variation
requirements of voice message, and provide the voice quality comparable to that of the
Public Switched Telephone Network (PSTN).
The rich QoS mechanism provided by ZXR10 XG series switches can fully meet the above
requirements of “three-in-one” network. For reducing the transfer delay of voice packets,
the following technologies also can be combined:
The SP queue scheduling algorithm puts voice packets to the queue with a higher priority to
guarantee that voice packets are preferentially scheduled when congestion occurs. The
queue scheduling mode combining SP and WRR can also be adopted, as shown in Figure
45.
Voice packets
Non-voice packets Output scheduling
Traffic
classification
Queue
Figure 45 VOIP Support

In a three-in-one application, the traffic flows are divided into three categories on routers:
voice, video and data. The coloring function of traffic policing is used to set different
priorities for these three kinds of packets. At the same time the SP queue, WRR queue and
the combination of SP and WRR are configured to ensure that the voice packets with a high
priority can preferentially obtain the services when network congestion occurs, thus
reducing the transfer delay of voice packets. Packet stream is controlled when traffic
policing and traffic shaping are configured on routers and packets are transmitted from
routers to DiffServ (DS) area. After the packets enter the DS area, they will be transmitted
according to their types and the corresponding PHB. WRED can be configured on all the
routers in the DS area to reduce the probability of network congestion. SP or WRR queue
technologies are used to guarantee the preferential scheduling of voice packets when
network congestion occurs, thus reducing the transfer delay and delay variation of packets
and finally improving the transmission quality of real-time voice services.
5.3.2 Enterprise Private Network Application

ISPs can provide Virtual Private Network (VPN) services for an enterprise via IP networks,
so that the network construction/leased line costs of the enterprise can be reduced. This
attracts the enterprise greatly. VPN can be used to connect business trip personnel and
enterprise headquarter, connect non-local branch and enterprise headquarters, and connect
enterprise cooperative partner and enterprise headquarters, so as to transmit information
between them. While if VPN can not guarantee the enterprise operation data to be

transmitted in time and effectively, that is, it can not provide effective QoS guarantee, then
VPN can not effectively serve for enterprise. Come-and-go working correspondence and
database access need to be processed preferentially to ensure their bandwidth requirements.
While work-irrelevant E-Mails and WWW accesses can be processed in the same way that
Best-Effort information stream is processed.
ZXR10 XG series switches provide rich QoS features to fully meet the above requirements
of enterprise VPNs:
• Marking IP priorities/DSCP for different services, and classifying traffic by IP
priorities/DSCP
• Guaranteeing the bandwidth, delay and delay variation QoS features of enterprise
operation data via SP or WRR queue scheduling algorithm
• Distinctively processing VPN information to avoid oscillate intra-network stream via
WRED/tail-drop mechanism
• Restricting the traffic of different information streams in VPN via traffic policing
mechanism
Traffic stream is classified and colored on the CE routers at various VPN sites. For example,
traffic stream can be classified under three categories: database access, important working
correspondence and WWW access. After classifying, the priorities of these three kinds of
service packets are marked as high, middle and low if required. And VPN service providers
can set traffic policing function at the entry port of each CE router, and set traffic shaping
function at the egress port of each CE router, so as to packet stream transmitted from
various VPN sites to service provider network can be restricted to no more than the
maximum stream committed. On various PE routers in VPN service provider network, by
default MPLS EXP will copy the priorities of IP packets. In this way on various PE and P
routers in VPN service provider network, the packet scheduling mode can be controlled
through configuring SP and WRR queues. This ensures the packet with a higher priority can
preferentially obtain the services when network congestion occurs, so as to reduce delay
and delay variation and to avoid the global synchronization of TCP stream through setting
WRED. In addition, if the ISP expects to define a service class differentiated from the one
of subscriber network, or it does not believe the IP priority of subscriber network, it can
adopt the mode of remarking the packet according to a certain rule at the entry of PE router.
5.3.3 Application Summary

As the development of network applications and the continuous emergence of new services,
such as unconditional data communication services including VoIP and video conference,
the three-in-one network that integrates voice, video and data has become the trend for
network development. With respect to voice, video and data application communications
with different network service requirements, IP network core is required to have the ability
of differentiating different communications and then different services are provided for
them to differentiate services. ZXR10 XG series switches offer rich QoS features to provide
functions including packet classification and coloring, congestion management &
congestion avoidance, and traffic policing & traffic shaping. The network formed by
network equipment such as ZXR10 XG series switches support QoS, and can provide and
guarantee expected services according to different types of communication packets. With
respect to network carriers and industry subscribers, they can flexibly configure and use
these QoS features to provide tailorable and effective services for subscribers and to
implement and guarantee the service quality committed.

ZXR10 T160G T64G Technical Specifications

Uploaded by

Copyright:

Available Formats

You might also like

ZXR10 T160G T64G Technical Specifications

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

ZXR10 T160G T64G Technical Specifications

Uploaded by

Copyright:

Available Formats

ZXR10 T160G&T64G

Product Type Technical Description

About the Document

V1.1 2007-4-12 HESHU MAOYUCHENG

Copyright © 2005 ZTE Corporation Shenzhen P. R. China

Due to update and improvement of ZTE products and technologies,

ZTE Confidential Proprietary I

ZTE Confidential Proprietary II

3.4.4 Software Forwarding Support Subsystem .................................................................28

ZTE Confidential Proprietary III

Figures and Tables

ZTE Confidential Proprietary IV

Figure 39 Schematic Diagram for DWRR Scheduling.......................................54

ZTE Confidential Proprietary V

1.2 Overall System Structure

1.2.1 System Hardware

ZTE Confidential Proprietary 6

Main control board

Large-capacity high-speed backplane

1.2.2 System Software

ZTE Confidential Proprietary 7

Network management and operation maintenance

Protocol stacks on ZXROS routing platform (L2, L3, MPLS, IPv6)

Distributed operating system platform

Figure 2 Software structure of ZXR10 T160G and ZXR10 T64G

1.3 System Features

ZTE Confidential Proprietary 8

Entries in the routing table: 500 K (layer 3)

ZTE Confidential Proprietary 9

2.2 System Hardware Structure

ZTE Confidential Proprietary 10

Control module (standby)

Figure 3 ZXR10 T160G/T64G System Hardware Schematic Drawing

2.3 Switching and Control Module

CPU Console port

Figure 4 Main Control Board

ZTE Confidential Proprietary 11

2.3.1 Control Module

2.3.2 Switching Module

Figure 5 The main control board panel

2.4 Power Supply Module

Figure 6 AC Power Supply Module

ZTE Confidential Proprietary 12

Figure 7 DC Power Supply Module

2.5 Interface Module

2.5.1 44+4 FE Interface Board

ZTE Confidential Proprietary 13

Figure 9 44+4 FE Electrical Interface Board Panel

2.5.2 12-Port GE Interface Board

Figure 11 12-port GE Optical Interface Board Panel

ZTE Confidential Proprietary 14

2.5.3 24-Port GE Optical Interface Board

Figure 13 24-port GE Optical Interface Board Panel

2.5.4 12-Port GE Interface Board

ZTE Confidential Proprietary 15

interface ... High-speed

Figure 15 12-port GE Electrical Interface Board Panel

2.5.5 24-Port GE Electrical Interface Board