Manual CX600 X8

Product Description
HUAWEI CX600-X Metro Services Platform (MSP) Universal Service

Router V600R001
Issue 01
Date 2009-09-10
HUAWEI TECHNOLOGIES CO., LTD.
Huawei Proprietary and Confidential

Copyright © Huawei Technologies Co., Ltd.
Huawei Technologies Co., Ltd. provides customers with comprehensive technical support and service. For
any assistance, please contact our local office or company headquarters.
Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base

Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Copyright © Huawei Technologies Co., Ltd.2009. All rights reserved.

No part of this document may be reproduced or transmitted in any form or by any means without prior
written consent of Huawei Technologies Co., Ltd.
Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Huawei Proprietary and Confidential

Contents
Contents
1 Related Versions ........................................................................................................................1-1

2 Introduction.................................................................................................................................2-1
2.1 Positioning ....................................................................................................................................................2-1
2.2 Benefits .........................................................................................................................................................2-1
3 Architecture .................................................................................................................................3-1
3.1 Physical Architecture.....................................................................................................................................3-1
3.2 Logical Architecture......................................................................................................................................3-1
3.3 Software Architecture....................................................................................................................................3-1
3.4 VRPv5 Architecture ......................................................................................................................................3-1
3.5 Data Forwarding Process ..............................................................................................................................3-1
3.6 Introduction to the Routing Engine and Management Engine ......................................................................3-1
4 Hardware Architecture..............................................................................................................4-1
4.1 CX600-X16 ...................................................................................................................................................4-1
4.1.1 Chassis .................................................................................................................................................4-1
4.1.2 Fan .......................................................................................................................................................4-1
4.1.3 Power Supply .......................................................................................................................................4-1
4.1.4 Board Cage...........................................................................................................................................4-1
4.1.5 MPU.....................................................................................................................................................4-1
4.1.6 SFU ......................................................................................................................................................4-1
4.1.7 Flexible Plug-in Cards .........................................................................................................................4-1
4.1.8 SPUC ...................................................................................................................................................4-1
4.2 CX600-X8 .....................................................................................................................................................4-1
4.2.1 Chassis .................................................................................................................................................4-1
4.2.2 Heat Dissipation System ......................................................................................................................4-1
4.2.3 Power Supply .......................................................................................................................................4-1
4.2.4 Board Cage...........................................................................................................................................4-1
4.2.5 SRU......................................................................................................................................................4-1
4.2.6 SFU ......................................................................................................................................................4-1
4.2.8 SPUC ...................................................................................................................................................4-1
4.3 CX600-X3 .....................................................................................................................................................4-1
4.3.1 Chassis .................................................................................................................................................4-1
Issue () Huawei Proprietary and Confidential i

Contents
4.3.2 FAN......................................................................................................................................................4-1
4.3.3 Power Supply .......................................................................................................................................4-1
4.3.4 Board Cage...........................................................................................................................................4-1
4.3.5 MPU.....................................................................................................................................................4-1
4.3.6 Power Supply .......................................................................................................................................4-1
4.3.8 SPUC ...................................................................................................................................................4-1
4.4 CX600-16......................................................................................................................................................4-1
4.4.1 Chassis .................................................................................................................................................4-1
4.4.2 Fan .......................................................................................................................................................4-1
4.4.3 Power Supply .......................................................................................................................................4-1
4.4.4 LCD .....................................................................................................................................................4-1
4.4.5 Board Cage...........................................................................................................................................4-1
4.4.6 MPU.....................................................................................................................................................4-1
4.4.7 SFU ......................................................................................................................................................4-1
4.4.9 SPUC ...................................................................................................................................................4-1
4.5 CX600-8........................................................................................................................................................4-1
4.5.1 Chassis .................................................................................................................................................4-1
4.5.2 FAN......................................................................................................................................................4-1
4.5.3 Power Supply .......................................................................................................................................4-1
4.5.4 Board Cage...........................................................................................................................................4-1
4.5.5 SRU......................................................................................................................................................4-1
4.5.6 SFU ......................................................................................................................................................4-1
4.5.8 SPUC ...................................................................................................................................................4-1
5 Link Features...............................................................................................................................5-1
5.1 Ethernet Link Features ..................................................................................................................................5-1
5.1.1 Basic Features ......................................................................................................................................5-1
5.1.2 Eth-Trunk .............................................................................................................................................5-1
5.1.3 Virtual Ethernet Interface.....................................................................................................................5-1
5.2 FR Link Features...........................................................................................................................................5-1
5.3 POS Link Features ........................................................................................................................................5-1
5.3.1 SDH/SONET Encapsulation ................................................................................................................5-1
5.3.2 POS Interfaces .....................................................................................................................................5-1
5.3.3 POS Sub-interfaces ..............................................................................................................................5-1
5.3.4 IP-Trunk ...............................................................................................................................................5-1
5.4 CPOS Link Features......................................................................................................................................5-1
5.4.1 Channelization .....................................................................................................................................5-1
5.4.2 PPP/HDLC/TDM.................................................................................................................................5-1
5.5 ATM Link Features .......................................................................................................................................5-1
ii Huawei Proprietary and Confidential Issue ()

Contents
5.5.1 SDH/SONET Encapsulation ................................................................................................................5-1

5.5.2 PVP/PVC .............................................................................................................................................5-1
5.5.3 IPoA .....................................................................................................................................................5-1
5.5.4 ATM Sub-interfaces .............................................................................................................................5-1
5.5.5 ATM OAM ...........................................................................................................................................5-1
5.5.6 1483B...................................................................................................................................................5-1
5.5.7 ATM Cell Transport .............................................................................................................................5-1
5.5.8 ATM E1 IMA .......................................................................................................................................5-1
5.6 TDM Link Feature ........................................................................................................................................5-1
5.7 CE1/CT1/E3/T3/CT3 Link Features .............................................................................................................5-1
5.8 MC-Trunk......................................................................................................................................................5-1
5.9 MC-APS........................................................................................................................................................5-1
6 Service Features ..........................................................................................................................6-1

6.1 Ethernet Features...........................................................................................................................................6-1
6.1.1 Switched Ethernet Features..................................................................................................................6-1
6.1.2 Routed Ethernet Features .....................................................................................................................6-1
6.1.3 QinQ.....................................................................................................................................................6-1
6.1.4 RRPP Link Features.............................................................................................................................6-1
6.1.5 RSTP/MSTP ........................................................................................................................................6-1
6.1.6 BPDU Tunnel.......................................................................................................................................6-1
6.2 IP Features.....................................................................................................................................................6-1
6.2.1 IPv4/IPv6 Dual Stack...........................................................................................................................6-1
6.2.2 IPv4 Features .......................................................................................................................................6-1
6.2.3 IPv6 Features .......................................................................................................................................6-1
6.2.4 GRE .....................................................................................................................................................6-1
6.2.5 IPv4/IPv6 Transition Technologies ......................................................................................................6-1
6.3 Routing Protocols..........................................................................................................................................6-1
6.3.1 Unicast Routing ...................................................................................................................................6-1
6.3.2 Multicast Routing.................................................................................................................................6-1
6.4 MPLS ............................................................................................................................................................6-1
6.4.1 Basic Functions ....................................................................................................................................6-1
6.4.2 MPLS TE .............................................................................................................................................6-1
6.4.3 MPLS OAM.........................................................................................................................................6-1
6.5 VPN Features ................................................................................................................................................6-1
6.5.1 Tunnel Policy .......................................................................................................................................6-1
6.5.2 VPN Tunnel .........................................................................................................................................6-1
6.5.3 MPLS L2VPN......................................................................................................................................6-1
6.5.4 BGP/MPLS L3VPN.............................................................................................................................6-1
6.5.5 L2VPN Accessing L3VPN...................................................................................................................6-1
6.5.6 VPN QoS .............................................................................................................................................6-1
6.6 IPTN Features ...............................................................................................................................................6-1
Issue () Huawei Proprietary and Confidential iii

Contents
6.7 QoS Features .................................................................................................................................................6-1

6.7.1 DiffServ Model ....................................................................................................................................6-1
6.7.2 Traffic Classification............................................................................................................................6-1
6.7.3 Traffic Policing ....................................................................................................................................6-1
6.7.4 Queue Scheduling ................................................................................................................................6-1
6.7.5 Congestion Management......................................................................................................................6-1
6.7.6 Traffic Shaping.....................................................................................................................................6-1
6.7.7 HQoS ...................................................................................................................................................6-1
6.7.8 QPPB ...................................................................................................................................................6-1
6.7.9 Ethernet QoS........................................................................................................................................6-1
6.7.10 ATM QoS ...........................................................................................................................................6-1
6.8 Load Balancing .............................................................................................................................................6-1
6.8.1 Equal-Cost Load Balancing .................................................................................................................6-1
6.8.2 Unequal-Cost Load Balancing .............................................................................................................6-1
6.9 Traffic Statistics.............................................................................................................................................6-1
6.9.1 URPF Traffic Statistics ........................................................................................................................6-1
6.9.2 ACL Traffic Statistics...........................................................................................................................6-1
6.9.3 CAR Traffic Statistics ..........................................................................................................................6-1
6.9.4 HQoS Traffic Statistics ........................................................................................................................6-1
6.9.5 Interface-based Traffic Statistics ..........................................................................................................6-1
6.9.6 VPN Traffic Statistics...........................................................................................................................6-1
6.9.7 TE Tunnel Traffic Statistics..................................................................................................................6-1
6.10 IP Compression ...........................................................................................................................................6-1
6.11 MSE Features ..............................................................................................................................................6-1
6.12 Security Features .........................................................................................................................................6-1
6.12.1 Security Authentication......................................................................................................................6-1
6.12.2 RPF/URPF .........................................................................................................................................6-1
6.12.3 MAC Limit.........................................................................................................................................6-1
6.12.4 Unknown Traffic Suppression............................................................................................................6-1
6.12.5 DHCP Snooping.................................................................................................................................6-1
6.12.6 Local Defense attack..........................................................................................................................6-1
6.12.7 GTSM ................................................................................................................................................6-1
6.12.8 ARP Attack Defense...........................................................................................................................6-1
6.12.9 Mirroring............................................................................................................................................6-1
6.12.10 NetStream ........................................................................................................................................6-1
6.12.11 Lawful Interception ..........................................................................................................................6-1
6.13 Network Reliability .....................................................................................................................................6-1
6.13.1 Backup of Key Modules ....................................................................................................................6-1
6.13.2 High Reliability of the LPU ...............................................................................................................6-1
6.13.3 Transmission Alarm Customization and Suppression ........................................................................6-1
6.13.4 Ethernet OAM....................................................................................................................................6-1
6.13.5 ISSU Features ....................................................................................................................................6-1
iv Huawei Proprietary and Confidential Issue ()

Contents
6.13.6 VRRP .................................................................................................................................................6-1

6.13.7 GR......................................................................................................................................................6-1
6.13.8 BFD....................................................................................................................................................6-1
6.13.9 FRR....................................................................................................................................................6-1
6.13.10 BGP Indirect Next Hop ....................................................................................................................6-1
6.13.11 NSR..................................................................................................................................................6-1
6.13.12 iSRM................................................................................................................................................6-1
6.14 Clock ...........................................................................................................................................................6-1
6.14.1 CES ACR ...........................................................................................................................................6-1
6.14.2 CES DCR ...........................................................................................................................................6-1
6.14.3 Ethernet Clock Synchronization ........................................................................................................6-1
6.14.4 Clock Synchronization Defined in IEEE 1588v2...............................................................................6-1
7 Application Scenarios ...............................................................................................................7-1

7.1 Application on a Metro Ethernet network .....................................................................................................7-1
8 Operation and Maintenance ....................................................................................................8-1

8.1 Benefits .........................................................................................................................................................8-1
8.1.1 System Configuration Mode ................................................................................................................8-1
8.1.2 System Management and Maintenance................................................................................................8-1
8.1.3 HGMP..................................................................................................................................................8-1
8.1.4 System Service and Status Tracking ....................................................................................................8-1
8.1.5 System Test and Diagnosis...................................................................................................................8-1
8.1.6 In-Service Debugging ..........................................................................................................................8-1
8.1.7 Upgrade Features .................................................................................................................................8-1
8.1.8 GTL......................................................................................................................................................8-1
8.1.9 Miscellaneous Features ........................................................................................................................8-1
8.2 Network Management System ......................................................................................................................8-1
9 Technical Specification.............................................................................................................9-1
9.1 Physical Specifications..................................................................................................................................9-1
9.1.1 CX600-X16..........................................................................................................................................9-1
9.1.2 CX600-X8............................................................................................................................................9-1
9.1.3 CX600-X3............................................................................................................................................9-1
9.1.4 CX600-16.............................................................................................................................................9-1
9.1.5 CX600-8...............................................................................................................................................9-1
9.2 System Configuration....................................................................................................................................9-1
9.2.1 CX600-X16..........................................................................................................................................9-1
9.2.2 CX600-X8............................................................................................................................................9-1
9.2.3 CX600-X3............................................................................................................................................9-1
9.2.4 CX600-16.............................................................................................................................................9-1
9.2.5 CX600-8...............................................................................................................................................9-1
9.3 Specifications of Service Performance..........................................................................................................9-1
9.4 System Features ............................................................................................................................................9-1
Issue () Huawei Proprietary and Confidential v

Contents
10 Compliant Standards.............................................................................................................10-1
10.1 Standards and Telecom Protocols..............................................................................................................10-1
10.2 Electromagnetic Compatibility Standards .................................................................................................10-1
10.3 Safty Standards..........................................................................................................................................10-1
10.4 Environmental Standards ..........................................................................................................................10-1
10.5 Other Standards .........................................................................................................................................10-1
11 Acronyms and Abbreviations..............................................................................................11-1

Index ...................................................................................................................................................1
vi Huawei Proprietary and Confidential Issue ()

Figures
Figures
Figure 3-1 Physical architecture.........................................................................................................................3-1

Figure 3-2 Functional host system......................................................................................................................3-1
Figure 3-3 Logical architecture ..........................................................................................................................3-1

Figure 3-4 Software architecture ........................................................................................................................3-1
Figure 3-5 Data forwarding process ...................................................................................................................3-1
Figure 4-1 Appearance and components of the CX600-X16 (Front)..................................................................4-1
Figure 4-2 Appearance and components of the CX600-X16 (Rear)...................................................................4-1
Figure 4-3 Airflow of the CX600-X16 ...............................................................................................................4-1
Figure 4-4 Power supply of the CX600-X16......................................................................................................4-1
Figure 4-5 Board cage on the CX600-X16.........................................................................................................4-1
Figure 4-6 Management bus connection ............................................................................................................4-1
Figure 4-7 Appearance and components of the CX600-X8 (Front) ...................................................................4-1
Figure 4-8 Appearance and components of the CX600-X8 (Rear).....................................................................4-1
Figure 4-9 Airflow of the CX600-X8 (left view ) ..............................................................................................4-1
Figure 4-10 Power supply of the CX600-X8......................................................................................................4-1
Figure 4-11 Board cage of the CX600-X8..........................................................................................................4-1
Figure 4-12 Appearance of the CX600-X3 (DC power modules ) .....................................................................4-1
Figure 4-13 Appearance of the CX600-X3 (AC power modules ) .....................................................................4-1

Figure 4-14 Airflow of the CX600-X3 ...............................................................................................................4-1
Figure 4-15 Board cage of the CX600-X3 .........................................................................................................4-1
Figure 4-16 Appearance of the CX600-16 .........................................................................................................4-1

Figure 4-17 Airflow of the CX600-16................................................................................................................4-1
Figure 4-18 Relationship between the power modules and slots........................................................................4-1
Figure 4-19 Appearance of the LCD ..................................................................................................................4-1

Figure 4-20 Board cage of the CX600-16 ..........................................................................................................4-1
Figure 4-21 Management bus connection ..........................................................................................................4-1
Issue () Huawei Proprietary and Confidential vii

Figures
Figure 4-22 Appearance of the CX600-8 ...........................................................................................................4-1
Figure 4-23 Airflow of the CX600-8..................................................................................................................4-1

Figure 4-24 Board cage of the CX600-8 ............................................................................................................4-1
Figure 5-1 Diagram of an IP-Trunk....................................................................................................................5-1
Figure 5-2 Protocol stack of 1483B....................................................................................................................5-1

Figure 5-3 Networking diagram of ATM cell transport over a PSN...................................................................5-1
Figure 5-4 Inverse multiplexing and de-multiplexing of ATM cells in IMA group............................................5-1
Figure 5-5 TDM service .....................................................................................................................................5-1

Figure 5-6 CES service application model .........................................................................................................5-1
Figure 5-7 MC-Trunk .........................................................................................................................................5-1
Figure 6-1 Networking diagram of applying interface-based QinQ ...................................................................6-1

Figure 6-2 Networking diagram of applying VLAN-based QinQ......................................................................6-1
Figure 6-3 Compatibility of the EType field in the TPID in the outer tag of QinQ packets...............................6-1
Figure 6-4 Networking diagram of applying multicast QinQ.............................................................................6-1
Figure 6-5 Network diagram of the VLAN swapping feature based on QinQ ...................................................6-1
Figure 6-6 Application of tangent RRPP rings in the MAN ...............................................................................6-1
Figure 6-7 Structure of the IPv4/IPv6 dual stack ...............................................................................................6-1
Figure 6-8 Multi-protocol local network transmission through the single-protocol backbone network.............6-1
Figure 6-9 Enlarging the network operation scope.............................................................................................6-1
Figure 6-10 Networking diagram of applying GRE in a CPE-based VPN.........................................................6-1
Figure 6-11 Networking diagram of applying GRE in a network-based VPN ...................................................6-1
Figure 6-12 CEs accessing the MPLS VPN backbone network through the backbone network based on the IP
technology...........................................................................................................................................................6-1
Figure 6-13 Networking diagram of applying the IPv6 over IPv4 tunnel technology........................................6-1
Figure 6-14 Networking diagram of the IPv4 over IPv6 tunnel .........................................................................6-1
Figure 6-15 6PE network topology ....................................................................................................................6-1
Figure 6-16 Networking diagram of applying LDP over TE..............................................................................6-1

Figure 6-17 Networking diagram of applying MPLS OAM ..............................................................................6-1
Figure 6-18 Networking diagram of a VLL .......................................................................................................6-1
Figure 6-19 VPLS networking ...........................................................................................................................6-1

Figure 6-20 H-VPLS model ...............................................................................................................................6-1
Figure 6-21 Reference model of PWE3 VCCV .................................................................................................6-1
Figure 6-22 Networking diagram of ATM cell relay over a PSN .......................................................................6-1
Figure 6-23 Networking diagram of ATM IWF in CCC local connection mode................................................6-1
viii Huawei Proprietary and Confidential Issue ()

Figures
Figure 6-24 Networking diagram of ATM IWF in PW mode.............................................................................6-1
Figure 6-25 BGP/MPLS L3VPN........................................................................................................................6-1

Figure 6-26 Networking diagram of applying public network multicast............................................................6-1
Figure 6-27 Networking diagram of applying VPN A multicast ........................................................................6-1
Figure 6-28 Networking diagram of applying VPN B multicast ........................................................................6-1

Figure 6-29 Networking diagram of the IPv6 VPN over the IPv4 public network ............................................6-1
Figure 6-30 Basic architecture of HoVPN .........................................................................................................6-1
Figure 6-31 Implementation of a multi-role host ...............................................................................................6-1

Figure 6-32 Traditional access network..............................................................................................................6-1
Figure 6-33 L2VPN access to the L3VPN .........................................................................................................6-1
Figure 6-34 L2VPN/L3VPN with MPLS TE .....................................................................................................6-1

Figure 6-35 L2VPN/L3VPN with MPLS DS-TE...............................................................................................6-1
Figure 6-36 VPN-based QoS on the network side in an L2VPN/L3VPN ..........................................................6-1
Figure 6-37 Application scenario of the IPTN ...................................................................................................6-1
Figure 6-38 Networking diagram of applying HQoS .........................................................................................6-1
Figure 6-39 Flowchart of traffic policing with CAR ..........................................................................................6-1
Figure 6-40 Networking diagram of traffic congestion ......................................................................................6-1
Figure 6-41 Networking diagram of applying QPPB .........................................................................................6-1
Figure 6-42 Networking diagram of 802.1p re-marking supported by QinQ .....................................................6-1
Figure 6-43 Forced ATM traffic classification ...................................................................................................6-1
Figure 6-44 URPF traffic statistics .....................................................................................................................6-1
Figure 6-45 Traffic statistics in traffic classification ..........................................................................................6-1
Figure 6-46 CAR traffic statistics.......................................................................................................................6-1
Figure 6-47 RTP packet format ..........................................................................................................................6-1
Figure 6-48 cRTP packet format.........................................................................................................................6-1
Figure 6-49 Security features .............................................................................................................................6-1

Figure 6-50 Networking diagram of applying local mirroring ...........................................................................6-1
Figure 6-51 Networking diagram of applying remote mirroring........................................................................6-1
Figure 6-52 Diagram of NetStream data collection and analysis .......................................................................6-1

Figure 6-53 Scenario for lawful interception......................................................................................................6-1
Figure 6-54 Reliability techniques .....................................................................................................................6-1
Figure 6-55 Networking diagram of VRRP........................................................................................................6-1

Figure 6-56 ETH OAM for VRRP networking ..................................................................................................6-1
Issue () Huawei Proprietary and Confidential ix

Figures
Figure 6-57 Networking diagram of VRRP for IPv6..........................................................................................6-1
Figure 6-58 Diagram of TE FRR link protection ...............................................................................................6-1

Figure 6-59 Diagram of TE FRR node protection..............................................................................................6-1
Figure 6-60 Networking diagram of PW redundancy ........................................................................................6-1
Figure 6-61 Working principle of iSRM.............................................................................................................6-1

Figure 6-62 Networking diagram of Ethernet clock synchronization ................................................................6-1
Figure 7-1 Metro Ethernet network diagram ......................................................................................................7-1
Figure 7-2 2G/3G RAN solutions.......................................................................................................................7-1

Figure 7-3 Clock synchronization solution in IEEE 1588v2..............................................................................7-1
x Huawei Proprietary and Confidential Issue ()

Tables
Tables
Table 2-1 Reliability features..............................................................................................................................2-1

Table 4-1 Technical specifications of the fan module on the CX600-X16 .........................................................4-1
Table 4-2 Technical parameters of the CX600-X16 PEM ..................................................................................4-1

Table 4-3 Technical parameters of the CX600-X16 AC power supply module..................................................4-1
Table 4-4 Slot layout on the CX600-X16 ...........................................................................................................4-1
Table 4-5 Interfaces on the MPU........................................................................................................................4-1
Table 4-6 Parameters of the SFU........................................................................................................................4-1
Table 4-7 Flexible plug-in cards supported by the LPUF-10..............................................................................4-1
Table 4-8 Flexible plug-in cards supported by the LPUF-21..............................................................................4-1
Table 4-9 Flexible plug-in cards supported by the..............................................................................................4-1
Table 4-10 Technical parameters of the CX600-X8 fan module ........................................................................4-1
Table 4-11 Technical parameters of the CX600-X8 PEM...................................................................................4-1
Table 4-12 Technical parameters of the CX600-X8 AC power supply module..................................................4-1
Table 4-14 Interfaces on the SRU.......................................................................................................................4-1
Table 4-15 Parameters of the SFU......................................................................................................................4-1
Table 4-16 Flexible plug-in cards supported by the LPUF-10............................................................................4-1

Table 4-18 Flexible plug-in cards supported by the............................................................................................4-1
Table 4-19 Technical parameters of the CX600-X3 fan module ........................................................................4-1
Table 4-20 Technical parameters of the CX600-X3 DC power supply ..............................................................4-1

Table 4-21 Technical parameters of the CX600-X3 AC-DC power supply........................................................4-1
Table 4-23 The interfaces on the MPU ...............................................................................................................4-1

Table 4-24 Technical parameters of the CX600-X3 DC power module .............................................................4-1
Table 4-25 Technical parameters of the AC-DC power supply ..........................................................................4-1
Issue () Huawei Proprietary and Confidential xi

Tables

Table 4-29 Technical parameters of the fan module ...........................................................................................4-1
Table 4-30 Technical parameters of the DC-DC convertor.................................................................................4-1

Table 4-31 Technical parameters of the AC-DC power module .........................................................................4-1
Table 4-32 Slot layout of the CX600-16.............................................................................................................4-1
Table 4-33 Interfaces on the MPU......................................................................................................................4-1

Table 4-34 Parameters of the SFU......................................................................................................................4-1

Table 4-38 Technical parameters of the CX600-8 fan module ...........................................................................4-1
Table 4-39 Technical parameters of the CX600-8 DC power module ................................................................4-1
Table 4-40 Technical parameters of the AC-DC power supply ..........................................................................4-1
Table 4-41 Slot layout on the CX600-8 ..............................................................................................................4-1
Table 4-42 Interfaces on the SRU.......................................................................................................................4-1
Table 4-43 The parameter of SFU ......................................................................................................................4-1
Table 6-1 Attack types and DHCP snooping working modes .............................................................................6-1
Table 6-2 Requirements of wireless technology on clock accuracy ...................................................................6-1
Table 9-1 Physical specifications of CX600-X16...............................................................................................9-1
Table 9-2 Physical specifications of CX600-X8.................................................................................................9-1
Table 9-3 Physical specifications of CX600-X3.................................................................................................9-1
Table 9-4 Physical specifications of CX600-16..................................................................................................9-1

Table 9-5 Physical specifications of CX600-8....................................................................................................9-1
Table 9-6 System configuration list of CX600-X16 ...........................................................................................9-1
Table 9-7 System configuration list of CX600-X8 .............................................................................................9-1

Table 9-8 System configuration list of CX600-X3 .............................................................................................9-1
Table 9-9 System configuration list of CX600-16 ..............................................................................................9-1
Table 9-10 System configuration list of CX600-8 ..............................................................................................9-1

Table 9-11 Service performance specifications ..................................................................................................9-1
xii Huawei Proprietary and Confidential Issue ()

Tables
Table 9-12 System features.................................................................................................................................9-1
Issue () Huawei Proprietary and Confidential xiii

1 Related Versions
1 Related Versions
Product Name Version

CX600 Metro Services Platform V600R001
Issue () Huawei Proprietary and Confidential 1-1

2 Introduction
2 Introduction
About This Chapter

2.1 Positioning
2.2 Benefits
2.1 Positioning
Huawei CX600 Metro Services Platform (MSP) (hereinafter referred to as the CX600) is a
high-end network product used to access, converge, and transmit carrier-class Ethernet
services on Fixed-Mobile Convergence (FMC) Metropolitan Area Networks (MANs).
The CX600 operates on the Versatile Routing Platform (VRP) operating system developed by
Huawei and adopts the hardware-based forwarding and non-blocking data switching
technology. The CX600 features carrier-class reliability, line-speed forwarding capability,
perfect Quality of Service (QoS) mechanism, service processing capability, and good
expansibility.
The CX600 provides strong capabilities in network access, Layer 2 switching, and
transmission of Ethernet over MultiProtocol Label Switching (EoMPLS) services. The CX600
also supports rich IP services and provides broadband access, triple play, IP leased line, and
Virtual Private Network (VPN) services. The CX600 can also work in conjunction with the
CX200/300, NE80E, NE40E, ME60, and MA5200G developed by Huawei to set up a
hierarchical metro Ethernet that provides rich services for customers.
The CX600 provides six models: CX600-X16, CX600-X8, CX600-X3, CX600-16, and
CX600-8.
2.2 Benefits
Rich Service Features
Provides rich Layer 2 service features, such as Layer 2 VLAN, selective QinQ, QinQ
termination, Rapid Ring Protection Protocol (RRPP), Spanning Tree Protocol (STP), Rapid
Spanning Tree Protocol (RSTP), and Multiple Spanning Tree Protocol (MSTP).

2 Introduction
Provides IPv4/IPv6 unicast and multicast routing protocols, multicast Call Admission Control
(CAC) to ensure carrier-class QoS for multicast, complete MPLS, MPLS Traffic Engineering
(TE), and IP Telephony Network (IPTN) solutions.
Provides IGP and multicast fast convergence, and BGP indirect next hop.
Provides complete Virtual Private Network (VPN) services, such as L2VPN services
including Virtual Private LAN Service (VPLS), Hierarchy of VPLS (H-VPLS), and Virtual
Leased Line (VLL) services, L3VPN services, multicast VPN services, Huawei patent
Hierarchy of VPN (HoVPN) services, and multi-role host services, and supports GRE tunnels.
Supports ATM PWE3, IMA, transparent transmission on an interface, 1to1 VPC/VCC, N to 1
VPC/VCC.
Supports TDM PWE3, SAToP, and CESoPSN, and supports the setting of the number of
frames to be encapsulated and the setting of the jitter buffer.
Supports ETH PWE3 and the Raw and Tagged modes.
Supports adaptive clock recovery, Ethernet clock synchronization, and clock synchronization
defined in IEEE 1588v2.
Diversified Interface Type

The CX600 provides flexible plug-in cards of various types.
155M/622M/2.5G/10G POS interfaces
155M CPOS interfaces
CE1/CT1/E3/T3/CT3 interfaces provided by low-speed flexible plug-in cards
10M/100M/1000M/10G Ethernet interfaces
155M/622M ATM interfaces
Powerful Forwarding Capability

Designed with the hardware-based forwarding engine, the CX600 carries out full-duplex
forwarding of IPv4, IPv6, MPLS, and Layer 2 packets at line speed on all interfaces. The
CX600 also supports ACL-based forwarding at line.
The hardware completes two-level packet replication to forward multicast at line speed:
The Switch and Fabric Unit (SFU) replicates multicast packets to the Line Processing
Unit (LPU ).
The forwarding engine of the LPU replicates the multicast packets to its interfaces.
The LPU supports packet buffer in 200 ms, which ensures that no packets are lost in the case
of burst traffic.
Perfect QoS Mechanism

The CX600 provides the following Quality of Service (QoS) scheduling and buffer
mechanisms:
Priority Queue (PQ), Weighted Round Robin (WRR), or Weighted Fair Queuing (WFQ)
This guarantees fair scheduling and ensures that services of high priority are performed
first and are not interfered.
Three-level switching network based on Combined Input and Output Queuing (CIOQ)
2-2 Huawei Proprietary and Confidential Issue ()

2 Introduction
This prevents head of line blocking.

Flow-based scheduling
It facilitates MPLS Traffic Engineering (TE) and supports Differentiated Service
(DiffServ) and Integrated Service (InterServ). It combines MPLS TE and Diffserv, thus
implementing MPLS DS-TE.
Eight priority queues
This prevents traffic of high priority from being interrupted.
Hardware-based QoS functions
This ensures that packets are forwarded at line speed even if QoS is enabled.
Five-level Hierarchical QoS (HQoS) scheduling
The perfect QoS mechanism answers the demands of the IP Telephony Network (IPTN). It
provides guaranteed delay, jitter, bandwidth, and packet loss ratio of different services. It
guarantees the launch of carrier-class services such as Voice over IP (VoIP), IPTV and meets
the requirements for the development of multi-service IP networks.
Excellent Security Design

The CX600 takes multiple security measures to protect the data of Internet Service Provider
(ISP) networks and end users. The measures can prevent Denial of Service (DoS) attacks,
illegal access, and overload of the control plane. The CX600 adopts a distributed structure and
guarantees the separation between the data plane and the control plane. It provides a security
performance leading in the industry.
The CX600 provides the following security features:
Three user authentication modes: local authentication, RADIUS authentication, and
HWTACACS authentication
Hardware-based packet filtering and packet sampling, which guarantees high
performance and high extensibility
Multiple authentication methods including plain text authentication and Message Digest
5 (MD5) for upper-layer routing protocols such as Open Shortest Path First (OSPF),
Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol
(RIP), and Border Gateway Protocol-4 (BGP-4)
ACL on the forwarding plane and control plane
Anti-attack features, including:
− Defends against TCP/IP spoofing attacks.
− Traces sources of attacks.
− Defends the management and services planes. The CX600 can control management
packets and some service packets on the physical interfaces. A physical interface can
be specified as the management interface.
− Supports the application layer cooperation. If a protocol is enabled, the protocol
packets are sent to the CPU for processing. If a protocol is disabled, the protocol
packets are discarded or sent to the CPU at a limited bandwidth.
Lawful interception or Unicast Reverse Path Forwarding (URPF)
URPF checks the source IP address of the received packets and then discards the illegal
packets.
DHCP snooping and limit on MAC addresses.
Generalized TTL Security Mechanism (GTSM).

2 Introduction
Multi-Service Edge (MSE) that provides dynamic user access, authentication, and
accounting, and HQoS.
Provides access management, login and logout control, accounting, and QoS for DHCP
users, static users, Layer 2 dedicated line users, Layer 3 dedicated line users, and Layer 2
VPN users.
Provides the Bandwidth on Demand (BOD) service for enterprise users and DHCP users.
Provides the web authentication server.
Supports the Access Node Control Protocol (ANCP), through which control messages
can be transmitted between access nodes.
Provides ARP security functions to avoid ARP attacks.
Supports attack source tracing/automatic attack suppression/application layer association
(Packet sending control based on the service status).
Complete IPv4/IPv6 Solutions

The CX600 fully supports the Internet Protocol version 4 (IPv4 ) and IP version 6 (IPv6) dual
stack. It can provide all IPv6 features, and offers a good solution to the smooth transition from
IPv4 networks to IPv6 networks.
Supports various IPv6 over IPv4 tunnels and IPv4 over IPv6 tunnels.
Supports the routing table and the forwarding table with large capacities. This enables
the CX600 to serve as the VPN Provider Edge (PE) and supports future expansion of
services.
Supports the distributed forwarding of IPv4/IPv6 and Multiprotocol Label Switching
(MPLS).
Supports IPv4/IPv6 dynamic unicast and multicast routing protocols, BGP indirect next
hop, and dynamic upgrade peer-groups.
Compatibility and Extensibility

The CX600 has good compatibility and strong extensibility. It supports smooth expansion.
The CX600 features the following:
The backplane of the CX600 has a large capacity, which reserves enough bandwidth for
future expansion.
The CX600 forwards services through the flexibly programmable Network Processor
(NP). Thus, you can install software to carry new services.
The Traffic Manager (TM) and Packet Forwarding Engine (PFE) are separate. The two
PFEs, Application Specific Integrated Circuit (ASIC) and NP, are flexibly supported to
meet the requirements of different applications.
High Reliability and Manageability

Based on the carrier-class design, the chassis of the CX600 supports the hot swap of boards.
The chassis can be installed in an N68E cabinet or a standard 19-inch cabinet.
The CX600 provides a powerful monitoring system. The CX600 manages and maintains the
entire system by using the Switch and Route Processing Unit (SRU) or the Main Processing
Unit (MPU). The SRU/MPU manages, monitors, and maintains the boards, fans, and power
modules.

2 Introduction
The CX600 complies with Electro Magnetic Compatibility (EMC ). The modular design of
the system carries out EMC isolation between boards.
The CX600 fully meets the requirements for the high reliability of carrier-class and high-end
routers. The CX600 provides the features described in Table 2-1 to ensure high reliability.
Table 2-1 Reliability features
Item Description
System The boards, power modules, and fans are hot swappable.
protection
mechanism The SRUs/MPUs work in 1:1 backup mode.
The Switch Fabric Units (SFUs) on the CX600-X16 and CX600-8 work in
3+1 load balancing mode.
The SFUs of the CX600-X8 work in 2+1 load balancing mode.
The Switch Fabric Units (SFUs) on the CX600 work in 3+1 load
balancing mode.
The CX600 supports AC-input or DC-input.
The power module of the CX600-16CX600-8 and CX600-X3 work in 1+1
backup mode.
The power modules of the CX600-X8 work in 2+2 backup mode.
The power modules of the CX600-X16 work in 4+4 backup mode.
The key components such as the clocks and management buses work in
backup mode.
Protections The system restarts automatically when abnormalities
against occur and restore services.
abnormalities
The system resets a board when abnormalities occur on
the board and automatically restore services.
The system provides protections against over-current and over-voltage for
power modules and interfaces.
The system provides protection against mis-insertion of boards.
Power alarm The system provides alarm prompt, alarm indication,
monitoring running status query, and alarm status query.
Voltage and The system provides alarm prompt, alarm indication,
environment running status query, and alarm status query.
temperature
monitoring
Reliability The control channel is separated from the service channel to provide a
design non-blocking control channel.
The system provides fault detection for the system and boards, indicators,
and the NMS alarm function.
Reliable The system supports in-service patching.

2 Introduction
Item Description
upgrade Improves the upgrading methods of the device and supports In-Service
Software Upgrade (ISSU), which shortens the duration of service
interruption.
The system supports version rollback in-service.
The system supports in-service upgrading of the BootROM.
The backplane bus supports 8BCP check.
The system supports the Error Checking and Correction (ECC) Random
Access Memory (RAM).
Fault Data backup The system supports hot backup of the data
tolerance between the active and standby units. When the
design active unit fails, the standby unit automatically
takes over the active unit for data transmission. This
ensures that no data is lost.
The system supports the automatic upgrade and restoration of the
BootROM program.
The system can back up configuration files to the remote File Transfer
Protocol (FTP) server.
The system can automatically select and run correct configuration files.
The system provides abnormality monitoring for the system software,
automatic restoration, and log record.
Operation The system provides password protection for system operations.
security
The system provides hierarchical protection for commands through the
configuration of login user classes and command levels.
The system can lock the terminal through commands to prevent illegal
use.
The system provides operation and confirmation prompts for some
commands that may degrade the system performance.
Operation and The system adopts the generic integrated Network Management System
maintenance platform developed by Huawei.
center

3 Architecture
3 Architecture
About This Chapter

3.1 Physical Architecture
3.2 Logical Architecture
3.3 Software Architecture
3.4 VRPv5 Architecture
3.5 Data Forwarding Process
3.6 Introduction to the Routing Engine and Management Engine
3.1 Physical Architecture

Figure 3-1 shows the physical architecture of the CX600 with the DC-input power supply
modules. The physical architecture includes the following systems:
Power distribution system
Functional host system
Heat dissipation system
Network management system

3 Architecture
Figure 3-1 Physical architecture
-48V -48V RTN

Integrated
Power distribution chassis
system
-48V RTN
-48V RTN
-48V -48V
Functional host system Monitorbus Heat dissipation system
Ethernet
Network management
system
RTN: Return
Except the network management system (NMS), all the other systems are in the integrated
cabinet. The power distribution system works in 1+1 backup mode. The following introduces
only the functional host system.
The functional host system is composed of the system backplane, SRUs/MPUs, LPUs, and
SFUs. The functional host system processes data. In addition, it monitors and manages the
entire system, including the power distribution system, heat dissipation system, and NMS
through NMS interfaces. Figure 3-2 shows the functional host system of the CX600.

3 Architecture
Figure 3-2 Functional host system
Backplane
Monitoring
Monitoring bus System
bus Management monitoring unit
Monitoring unit
bus Management bus
Management switching unit
Management unit bus
MPU/
(1) SRU
System
POS/ monitoring unit (Master)
Ethernet Physical Forwarding
interface unit unit Monitoring
Serial link bus System
group Management monitoring unit
bus Management bus
switching unit
MPU/
(1) SRU
System
Monitoring monitoring unit (Slave)
Monitoring unit bus
Monitoring
Management bus Switching network
bus monitoring unit
Management unit Management
bus Switching network
control unit
POS/
Ethernet Physical Forwarding (1)
interface unit unit Switching network
Serial link
group
SFU module
(1) The link connects to the managment bus switching unit of another SRU
3.2 Logical Architecture

The logical architecture of the CX600 consists of the following planes:
Data plane
Control and management plane
Monitoring plane
Figure 3-3 shows the logical architecture of the CX600.

3 Architecture
Figure 3-3 Logical architecture
LPU SRU LPU
Monitoring Monitoring
unit unit
Monitoring
plane System
monitoring unit Monitoring
Monitoring unit
unit
Management Management
System
unit unit
Control and monitoring unit
management
plane Management Management
Switching
unit unit
network
control unit
Forwarding Forwarding
unit unit
Data
Switching
plane network
Forwarding
unit 交换SFU
交交 Forwarding
unit
LPU LPU
The data plane is responsible for high speed processing and non-blocking switching of
data packets. It encapsulates or decapsulates packets, forwards IPv4/IPv6/MPLS packets,
performs QoS and scheduling, completes inner high-speed switching, and collects
statistics.
The control and management plane is the core of the entire system. It controls and
manages the system. The control and management unit processes protocols and signals,
configures and maintains the system status, and reports and controls the system status.
The monitoring plane monitors the system environment. It detects the voltage, controls
power-on and power-off of the system, and monitors the temperature and controls the fan.
In this manner, the security and stability of the system are ensured. It can isolate the fault
promptly in the case of a unit failure to guarantee the operation of other parts.
3.3 Software Architecture

Figure 3-4 shows the software architecture of the CX600.

3 Architecture
Figure 3-4 Software architecture
Power Fan
monitoring monitoring
RPS RPS
SNMP
Active Standby
IPC
FSU FSU FSU
EFU EFU EFU
LPU LPU LPU
In terms of the software, the CX600 consists of the Routing Process System (RPS), power
monitoring module, fan monitoring module, Forwarding Support Unit (FSU), and Express
Forwarding Unit (EFU).
The RPS is the control and management module that runs on the SRU/MPU. The RPSs
of the active SRU/MPU and the standby SRU/MPU back up each other. They support
IPv4/IPv6, MPLS, LDP, and routing protocols, calculate routes, set up LSPs and
multicast distribution trees, generate unicast, multicast, and MPLS forwarding tables,
and deliver routing information to the LPU. The RPS includes IPOS software, VRP
software, and product adapter software.
The FSU implements the functions of the link layer and IP protocol stacks on interfaces.
The EFU performs hardware-based IPv4/IPv6 forwarding, multicast forwarding, MPLS
forwarding, and statistics.
3.4 VRPv5 Architecture

The VRPv5 consists of the following parts: system service plane, versatile control plane, data
forwarding plane, service control plane, and system management plane.
System service plane
It provides such functions as task and memory management, timer, software loading and
patching based on the operating system. It enhances the modular technology to facilitate
system upgrade and customization.
Versatile control plane
It is the core of the VRP data communication platform. It supports link management,
IPv4/v6 protocol stack, routing protocol processing, MPLS, MPLS VPN, and MPLS TE.

3 Architecture
It serves as the basis of security and QoS. It is used to control the data forwarding plane
and carry out various functions of the device.
Data forwarding plane
It forwards data under the control of the versatile control plane to carry out data
transmission. The VRPv5 supports data forwarding based on software and hardware. The
data forwarding plane is the task executor of the CX600.
Service control plane
It controls and manages the system as required, including authentication, authorization,
and accounting.
System management plane
It manages user interfaces and input/output interfaces. It is the basis of the network
management and maintenance.
The VRPv5 provides the following characteristics:
The system structure is of the modular design.
The components can be upgraded independently, without affecting the running of other
components.
The system is easy to maintain and supports smooth service expansion.
In-service patching offers flexible methods of enhancing service features and correcting
defects, which guarantees network reliability.
The system supports the distributed architecture. Different modules run on different
Central Processing Units (CPUs), which strengthens security and reliability.

3 Architecture
3.5 Data Forwarding Process

Figure 3-5 Data forwarding process
PIC
Datagram Datagram
Processing on the incoming Processing on the outgoing

interface interface
Downstream traffic
Upstream traffic classification
classification
PFE IPv4 unicast Searching the Packet

IPv4 unicast
IPv4 multicast routing table to encapsulation
IPv4 multicast
MPLS forward packets and forwarding
MPLS
IPv6 in the
IPv6
MAC downstream
Congestion Queue
QoS in the management scheduling QoS in the
upstream Queue Congestion downstream
scheduling management
TM Multicast replication
Packet fragmentation Packet reassembly
Micro cell Micro cell

SFU
As shown in Figure 3-5, the Packet Forwarding Engine (PFE) adopts the Network Processor
(NP) or Application Specific Integrated Circuit (ASIC) to search the routing table and forward
packets at a high speed. External memories include the Static Random Access Memory
(SRAM), Dynamic Random Access Memory (DRAM), and Net Search Engine (NSE). The
SRAM stores forwarding entries; the DRAM stores packets; the NSE performs non linear
searching.
The data forwarding process can be classified as the upstream and downstream processes
according to data flow directions.
Upstream process: Packets are encapsulated in frames on the Physical Interface Card (PIC)
and then sent to the PFE. On the incoming interface, packets are decapsulated and packet
types are identified. Then, traffic classification is performed according to the configurations
on the incoming interface. In addition, information about scheduling priorities are carried in
the packets sent to the Traffic Manager (TM ) for traffic scheduling. Then, the Forwarding
Information BASE (FIB) is searched to forward packets. For example, to forward an IPv4
unicast packet, the FIB is searched for the outgoing interface and the next hop according to
the destination IP address of the packet. Finally, the searching results and the packets are sent
to the TM.

3 Architecture
Downstream process: According to the packet types parsed in the upstream process and the
outgoing interface, the packets are encapsulated through the link layer protocol and stored in
corresponding queues. For an IPv4 packet whose outgoing interface is an Ethernet interface,
the MAC address needs to be obtained according to the next hop. Then, the outgoing traffic
can be classified according to the configurations on the outgoing interface. Finally, the
packets are encapsulated with the new Layer 2 header on the outgoing interface and are then
sent to the PIC.
3.6 Introduction to the Routing Engine and Management

Engine
On the CX600, the routing engine and management engine are integrated on the SRU/MPU.
To monitor the working conditions, the CX600 also provides an independent monitoring
engine. The monitoring engine monitors information about all parts, including the temperature,
voltage, power supply, and fans.
All the routing engine, management engine, and monitoring engine work in backup mode. In
normal operation, the key data of the master engine is backed up to the slave engine in real
time. When the master engine is faulty, it automatically resets and changes into the slave
engine; the slave engine automatically changes into the master engine. In this manner, the
master and slave failover of the engines is performed dynamically. After the master and slave
failover is complete, the new engine manages the entire device, and other parts on the device
update and then report their respective status to the new master engine.

4 Hardware Architecture
About This Chapter

4.1 CX600-X16
4.2 CX600-X8
4.3 CX600-X3
4.4 CX600-16
4.5 CX600-8
4.1 CX600-X16
4.1.1 Chassis
4.1.2 Fan
4.1.3 Power Supply
4.1.4 Board Cage
4.1.5 MPU
4.1.6 SFU
4.1.7 Flexible Plug-in Cards
4.1.8 SPUC
4.1.1 Chassis
The dimensions of the CX600-X16 chassis are 442 mm x 650 mm x 1420 mm (width x depth
x height). It can be installed in an NE68E cabinet or a 19-inch standard cabinet.
Figure 4-1 and Figure 4-2 show the appearance and components of the CX600-X16.

Figure 4-1 Appearance and components of the CX600-X16 (Front)
1. Air intake vent 2. ESD jack 3. Cabling trough 4. Handle 5. SFU

6. Rack-mounting ear

Figure 4-2 Appearance and components of the CX600-X16 (Rear)
1. Fan module 2. Filtering box 3. Cabling trough

4. DC power supply module 5. AC power input 6. Circumstance Monitor Unit (CMU)
4.1.2 Fan
The upper and lower board cages on the CX600-X16 have independent dissipation systems,
and implement front-to-back dissipation and ventilation.
In the two slots located above the SFU slots, air flows from the left side, and then goes
upwards on the right side into the upper board cage. In the two slots below the SFU slots, air
flows from the left side, and then goes downwards on the right side into the lower board cage.

Figure 4-3 Airflow of the CX600-X16
Each board cage has two fan modules, working in 1+1 backup mode. When one fan module
fails, the fans in the other fan module can rotate at full speed and meet the heat dissipation
requirements.
Table 4-1 Technical specifications of the fan module on the CX600-X16
Item Description
Dimensions 210.4 mm x 100 mm x 243.7 mm (width x depth x height)
Weight 2.0 kg
Power consumption 100 W
Maximum blast pressure 876 Pa
Maximum blast volume 679 CFM
Maximum noise 74 dB
Operating voltage -36 V to -72 V

4.1.3 Power Supply

CX600-X16 adopts switched-mode power supply (SMPS) for the following areas:
Area 1: consists of LPUs 1 to 4 and two MPUs.
Area 2: consists of LPUs 5 to 7, two upper fan modules, and SFUs 19, 20 and 21.
Area 3: consists of SFU 22, LPUs 14 to 16, and two lower fan modules.
Area 4: consists of LPUs 8 to 13.
Figure 4-4 Power supply of the CX600-X16
FAN FAN
1 2 3 17 18 4 5 6 7
L L L M M L L L L
P P P P P P P P P
U U U U U U U U U
SFU 19
SFU 20
SFU 21
SFU 22
L L L L L L L L L
P P P P P P P P P
U U U U U U U U U
8 9 10 11 12 13 14 15 16
FAN FAN
Eight Power Entry Modules (PEMs) are located on the back of the CX600-X16, working in
4+4 backup mode. Each area has two PEM modules working in 1+1 backup mode. When one
PEM module is faulty, the other one can still supply sufficient power for the entire system.
The air circuit breaker of the PEM is 70 A and supports 450 W per slot.
Table 4-2 Technical parameters of the CX600-X16 PEM

Item Description
Dimensions 58 mm x 115 mm x 220 mm (width x depth x height)
Weight 1.4 kg

Item Description
Input rated voltage -48 V DC/-60 V DC
Input voltage -38 V DC to -72 V DC
Maximum output current 70 A
Maximum output power 2800 W
Rated current of air-break 70 A
The CX600-X16 adopts two external AC power supply systems, with four power supply
modules in each system. You can determine how many power supply modules need to be
configured according to the system power.
Table 4-3 Technical parameters of the CX600-X16 AC power supply module

Item Description
Dimensions 442 mm x 650 mm x 89 mm (width x depth x

height)
Weight 9.2 kg
Input rated voltage 110 V AC/220 V AC
Input voltage 90 V AC to 264 V AC
Maximum input current 18.5 A x 4
Output rated current 50 A x 4
Output rated power 2900 W x 4
Rated current of air-break 20 A x 4
4.1.4 Board Cage

The CX600-X16 has 18 upright slots. All the slots can house 16 LPUs and 2 MPUs.
The CX600-X16 has four horizontal slots, which can house four SFUs.
Figure 4-5 shows the board cage on the CX600-X16.

Figure 4-5 Board cage on the CX600-X16
1 2 3 17 18 4 5 6 7
L L L M M L L L L
P P P P P P P P P
U U U U U U U U U
SFU 19
SFU 20
SFU 21
SFU 22
L L L L L L L L L
P P P P P P P P P
U U U U U U U U U
8 9 10 11 12 13 14 15 16
Table 4-4 describes the slot layout on the CX600-X16.
Table 4-4 Slot layout on the CX600-X16
Slot Numb Slot Width Boards to Be Installed

Number er
1 to 16 16 41 mm (1.6 inches) Can house various types of LPUs.

17 and 18 2 41 mm (1.6 inches) Can house two MPUs in 1:1 backup
mode.
19 to 22 4 41 mm (1.6 inches) Can house four SFUs in 3+1 load
balancing mode.
4.1.5 MPU
The CX600-X16 can work with either a single MPU or two MPUs in backup mode.
When the CX600-X16 is equipped with two MPUs, the master MPU works in the active state
and the slave MPU is in the standby state. You cannot access the MEth interface or configure
commands on the console or AUX interface of the slave MPU. The slave MPU exchanges
information (including heartbeat messages and backup data) with only the master MPU. Data
is synchronized through high reliability mechanisms such as the batch backup and real-time
backup between the master and slave MPUs. After the master/slave switchover, the slave
MPU replaces the master MPU and takes over services on the master MPU. The system
supports the setting of the default master MPU. During the startup process, the MPU that is

set as the default master MPU wins the master/slave competition and becomes the master
MPU.
MPUs support two switchover modes: failover and manual switchover. The failover is
triggered by serious faults or the resetting of the master MPU. The manual switchover is
triggered by commands that are run on the console or AUX interface.
The MPU integrates multiple functional modules such as the clock module, LAN switch
module, and Compact Flash (CF) module. As the system clock source and the management
and maintenance unit, the MPU runs as the core of system control and management. It
provides the functions of the control plane and the maintenance plane.
The MPU controls and manages the system. It is designed in 1:1 backup mode. The MPU is
composed of the main control unit, system monitoring unit, management bus switching unit,
and the clock system.
The main control unit of each MPU is connected to the management bus switching unit
of both the master and slave MPUs. It controls and manages all the functional units such
as MPUs, SFUs, and LPUs. The main control unit also communicates with the system
monitoring unit. The system monitoring unit reports the status and environment
information about the monitoring plane to the management control plane. The
management control plane then sends control signals to the monitoring plane.
The system monitoring unit communicates with the monitoring units in other boards or
subsystems through the Monitorbus. It collects the system monitoring information and
interacts with the system main control unit. In addition, it monitors the status and
environment of its MPU and controls the power-on and power-off of its MPU.
The management bus switching unit carries out the switching of the management bus. It
connects to the control units of the two MPUs, all LPUs, and SFUs. Thus, there are two
sets of management buses in the system to perform the master/slave backup protection
no matter which MPU is in the master mode.
Figure 4-6 Management bus connection
LPU 1 Management bus

switching unit
... MPU
System (Master)
LPU 16 monitoring unit
SFU 1 Management bus

switching unit MPU
...
(Slave)
System
SFU 4
monitoring unit
System clock unit

The system clock unit of the MPU provides LPUs with reliable SDH interface clock
signals.
It can provide the downstream devices with 2.048 MHz synchronous clock signals, and
can receive 2.048 MHz or 2.048 Mbit/s external reference clock signals.
The MPUs of the CX600-X16 support clock synchronization that complies with IEEE
1588v2.

Table 4-5 Interfaces on the MPU
Interface Connector Description

Ethernet RJ45 One Ethernet interface: It connects to the Network
(10M/100M/1 Management (NM) workstation.
000M
Base-TX
auto-sensing)
Console RJ45 One console interface: It connects to the console for local
interface configurations.
AUX interface RJ45 One AUX interface: It connects to a Modem for remote
maintenance through a dialup connection.
CF card TYPE II One CF card: It is swappable. The CF card on the MPU
interface standard panel serves as a mass storage device to save data files. In
(compatible addition, there is a CF card inside the MPU.
with TYPE I
standard)
USB interface USB 2.0 Two USB interfaces: They are used for upgrading
software package and copying logs.
GE/2.5G SFP LC Two GE/2.5G SFP interfaces: They are used for
centralized management.
CLK SMB Two SMB connectors and two RJ45 connectors: They are
RJ45 used for receiving or transmitting clock signals.
4.1.6 SFU
As the switching network unit of the CX600-X16, the SFU switches data for the entire
system.
The SFUs work in 3+1 load balancing and backup mode. The four SFUs work at the same
time to share data processing. When an SFU is faulty or replaced, the other three SFUs
automatically carry out load balancing without service interruption.
There is a control channel on the SFU to provide the following functions:
Detects voltage, current, and temperature.
Provides protections against over-voltage, over-current, and over-heat.
Table 4-6 Parameters of the SFU
Item Description Remarks

Switching capacity of the 2.56 Tbit/s Bidirectional
system
Load balancing mode of 3+1 -
SFUs


Synchronization clock On the two MPUs and in backup -
mode

Motherboard LPUF-10 and its flexible plug-in cards
The LPUF-10 provides four sub-slots. The LPUF-10 supports a maximum of 10 Gbit/s
bandwidth.
The flexible plug-in cards supported by the LPUF-10 are hot swappable. They support
automatic configuration restoration and card intermixing.
Table 4-7 Flexible plug-in cards supported by the LPUF-10
Flexible Plug-in Card Name Remarks

1-port OC-192c/STM-64c POS-XFP Flexible Card Occupy two sub-slots.
1-port OC-48c/STM-16c POS-SFP Flexible Card Occupy two sub-slots.
8-port FE/GE SFP Flexible Pluggable Interface Occupy two sub-slots. The card
Daughter Card supports Ethernet clock
synchronization. Ports 0 and 1
support the sending and receiving
of synchronization Ethernet clock
signals; other ports support only
the sending of synchronization
Ethernet clock signals.
8-port FE/GE SFP Flexible Pluggable Interface Occupy two sub-slots. It supports
Daughter Card A Ethernet clock synchronization and
clock features defined in IEEE
1588v2.
2-port OC-12c/STM-4c ATM-SFP Flexible Card Occupy two sub-slots.
2/4-port OC-48c/STM-4c POS-SFP Flexible Card Occupy two sub-slots.
2-port OC-3c/STM-1c CPOS-SFP Flexible Card Occupy two sub-slots.
24-port CE1/CT1-100DB Flexible Card Occupy one sub-slot.
4-port E3/CT3-SMB Flexible Card Occupy one sub-slot.


The motherboard LPUF-21 provides two sub-slots. The cards support hot swap. The LPUF-21
supports a maximum of 20 Gbit/s bandwidth.
The LPUF-21 provides two models: LPUF-21-A and LPUF-21-B. The LPUF-21-A supports
all software features, whereas the LPUF-21-B supports software features except L3VPN,
MVPN, and IPv6.
Table 4-8 lists the flexible plug-in cards supported by the LPUF-21.

1-port 10GBase WAN/LAN-XFP Flexible Card Occupy one sub-slot.
12-port 100/1000Base-SFP Optical Interface Flexible Occupy one sub-slot.
Card
12-port 10/100/1000Base-RJ45 Electrical Interface Occupy one sub-slot.
Flexible Card
1-port OC-192c/STM-64c POS-XFP Flexible Card Occupy one sub-slot.
4-port 10GBase WAN/LAN-XFP Optical Interface Occupy two sub-slots.
Flexible Card
40-port 10/100/1000Base Electrical Interface Occupy two sub-slots.
Flexible Card
40-port 100/1000Base SFP Optical Interface Flexible Occupy two sub-slots.
Card
48-port 10/100Base Delander Flexible Card Occupy two sub-slots.
1-port 10G Base WAN/LAN-XFP Flexible Card A Occupy one sub-slot and support
the clock features defined in IEEE
1588v2.
12-port 100/1000Base-SFP Flexible Card A Occupy one sub-slot and support
1588v2.
2-port 10GBase WAN/LAN-XFP+20-Port Occupy two sub-slots.
100/1000Base-SFP Flexible Card


The motherboard LPUF-40 provides two slots, each of which can hold a flexible plug-in card
of the LPUF-40. The cards support hot swap. The LPUF-40 supports a maximum of 40 Gbit/s
bandwidth.
MVPN, and IPv6. The LPUF-40-B can be upgraded to support features of the LPUF-40-A
through licenses.
Table 4-9 Flexible plug-in cards supported by the

20-port 1000Base-SFP Flexible Card A Occupy one sub-slot and support
1588v2.
20-port 1000Base-SFP Flexible Card Occupy one sub-slot but do not
support the clock features defined
in IEEE 1588v2.
2-port 10GBase WAN/LAN-XFP Flexible Card A Occupy one sub-slot and support
1588v2.
2-port 10GBase WAN/LAN-XFP Flexible Card Occupy one sub-slot but do not
in IEEE 1588v2.
4.1.8 SPUC
The SPUC provides no interfaces and performs only integrated processing for specific
services. The system provides multiple SPUCs for load balancing.
The SPUC provides the following functions:
Integrated NetStream: The system samples packets on the LPU, and collects the traffic
statistics on the SPUC. In this manner, the processing performance is high, without
affecting the forwarding capability. When initiating integrated NetStream on the SPUC,
the system must be configured with the NetStream licenses, the number of which equals
that of SPUCs.
Integrated MVPN: When providing the integrated MVPN, the system must be
configured with a certain number of SPUCs. The number of SPUCs is determined by the
requirement on the MVPN performance. The system must be configured with the MVPN
licenses, the number of which equals that of SPUCs.
Integrated tunnel: It includes the functions of lawful interception, GRE tunnels, and IPv6
Provider Edge (6PE) tunnels. When starting the integrated tunnel on the SPUC, the
system must be configured with the tunnel licenses, the number of which equals that of
SPUCs. For example, if the system is mounted with three SPUCs, three tunnel licenses
must be configured to enable the integrated tunnel.

4.2 CX600-X8
4.2.1 Chassis
4.2.2 Heat Dissipation System
4.2.3 Power Supply
4.2.4 Board Cage
4.2.5 SRU
4.2.6 SFU
4.2.8 SPUC
4.2.1 Chassis
The chassis of the CX600-X8 is 14 U high and the dimensions are 442 mm x 650 mm x
620mm (width x depth x height ). The CX600-X8 can be installed in an NE68E cabinet or a
19-inch standard cabinet with a depth of 800 mm. Figure 4-7 and Figure 4-8 shows the
appearance and components of the CX600-X8.
Figure 4-7 Appearance and components of the CX600-X8 (Front)
1. Air intake vent 2. Rack-mounting ear 3. ESD jack 4. Cabling trough

Figure 4-8 Appearance and components of the CX600-X8 (Rear)
1. Fan module 2. Filtering box 3. Cabling trough

4. AC power input 5. DC power supply module 6. Circumstance Monitor Unit (CMU)
7. Handle
4.2.2 Heat Dissipation System

The fan module draws air for the heat dissipation of boards. A Monitorbus module integrated
on the SRU controls the speed of fans according to the temperature in the board cage.
The air flows from the top front of the CX600-X8 chassis to the top back for ventilation and
heat dissipation, and thus the board temperature can be kept within a normal range.

Figure 4-9 Airflow of the CX600-X8 (left view )
The CX600-X8 has two fan frames, working in 1+1 backup mode. When one fan module fails,
the fans in the other fan module can rotate at full speed and meet the heat dissipation
requirements.
Table 4-10 Technical parameters of the CX600-X8 fan module
Item Description
Dimensions 210.4 mm x 100 mm x 243.7 mm (width x depth x height)
Weight 2.0 kg
Maximum blast volume 679 CFM
Maximum noise 74 dB
Operating voltage -36 V to -72 V
4.2.3 Power Supply

The CX600-X8 provides the following power supplies:
DC power supply
AC power supply
The switched-mode power supply is adopted.
Area 1: consists of LPUs 1 to 4, SRU 9, SFU 11, and a fan frame.
Area 2: consists of LPUs 5 to 8, SRU 10, and a fan frame.

Figure 4-10 Power supply of the CX600-X8
FAN FAN
1 2 3 4 9 11 10 5 6 7 8
L L L L M S M L L L L
P P P P P F P P P P P
U U U U U U U U U U U
1 2 3 4 9 11 10 5 6 7 8
Power supply modules are located on the back of the CX600-X8, and consist of four Power
Entry Modules (PEMs) working in 2+2 backup mode. Each area has two PEM modules
working in 1+1 backup mode. When one PEM module is faulty, the other one can still supply
sufficient power for the entire system.
The PEM modules support an air circuit breaker of 70 A and can supply power of 550 W for
each slot.
The CX600-X8 adopts an external AC power supply system that consists of four power
supply modules. You can determine how many power supply modules need to be equipped
according to the system power. The external power supply system is connected to the PEM
modules after the AC/DC conversion.
Table 4-11 Technical parameters of the CX600-X8 PEM

Item Description

Weight 1.4 kg
Input rated voltage -48 V DC/-60 V DC

Table 4-12 Technical parameters of the CX600-X8 AC power supply module
Item Description
Dimensions 442 mm x 650 mm x 89 mm (width x depth x
height)
Weight 9.2 kg
Input rated voltage 110 V AC/220 V AC
Input voltage 90 V AC to 264 V AC
Maximum input current 18.5 A x 4
Output rated current 50 A x 4
Output rated power 2900 W x 4
Rated current of air-break 20 A x 4
4.2.4 Board Cage

The CX600-X8 has 11 slots, which can hold 8 LPUs, 1 SFU, and 2 SRUs. Figure 4-11 shows
the board cage of the CX600-X8.
Figure 4-11 Board cage of the CX600-X8
1 2 3 4 9 11 10 5 6 7 8
L L L L M S M L L L L
P P P P P F P P P P P
1 2 3 4 9 11 10 5 6 7 8
Table 4-13 shows the slot layout.
Slot Nu Slot Width Boards to Be Installed

Number mbe
r
1 to 8 8 41 mm (1.6 inches) LPUs
9 and 10 2 41 mm (1.6 inches) SRUs, on which the MPUs work in 1:1
backup mode

Slot Nu Slot Width Boards to Be Installed

Number mbe
r
11 1 41 mm (1.6 inches) SFU, with which the SFU modules

integrated on the SRUs work in 2+1 load
balancing mode
4.2.5 SRU
The CX600-X8 can work with either a single SRU or two SRUs in backup mode.
When the CX600-X8 is equipped with two SRUs, the master SRU works in the active state
and the slave SRU is in the standby state. You cannot access the MEth interface or configure
commands on the console or AUX interface on the slave SRU. The slave SRU exchanges
information (including heartbeat messages and backup data) with only the master SRU. Data
is synchronized through high reliability mechanisms such as the batch backup and real-time
backup between the master and slave SRUs. After the master/slave switchover, the slave SRU
replaces the master SRU and takes over services on the master SRU. The system supports the
setting of the default master SRU. During the startup process, the SRU that you set as the
default master SRU wins the master/slave competition and becomes the master SRU.
SRUs support two switchover modes: failover and manual switchover. The failover is
triggered by serious faults or resetting of the master SRU. The manual switchover is triggered
by commands that are run on the console or AUX interface.
The SRU is an integrated unit of multiple functional modules. The SRU provides the
functions described as follows by integrating the system control and management unit, the
switching unit, the system clock source, and the maintenance and management unit. The
functions and hardware implementation of each module is independent.
Core unit for system control and management
Carrying out routing protocols: The SRU is used for packet broadcast, packet filtering,
and download of routing policies from the policy server.
Managing and communicating with the boards: The LAN switch module integrated on
the SRU can carry out the outer band communication among boards. Through the outer
band management bus, it can manage the LPU, the SFU, and the slave SRU, and
implement their communication.
Configuring data: The SRU carries out system data configuration and startup files,
charging, software upgrade and running logs storage. The CF card on the SRU panel is
used to store logs of the system and is hot swappable. The CF card inside the SRU is
used to store system files and is not hot swappable.
Managing and maintaining the system: The management interfaces (serial or network
interfaces) on the SRU carry out management and maintenance of the system.
Part of the SFU
On the CX600-X8, one SFU and the two SFU modules on the SRUs constitute three
switching planes that work in 2+1 load balancing mode.
As the clock synchronization unit for data switching, the SRU ensures the clock
synchronization between the SFUs and the LPUs.
System clock unit
The SRU provides LPUs with reliable SDH interface clock signals.

The SRUs of the CX600-X8 support clock synchronization that complies with IEEE
1588v2.
System maintenance unit
As the system maintenance unit, the SRU collects monitoring information, tests remotely
or locally or in-service upgrades system units.
Through the Monitorbus, the SRU periodically collects the operation data of each unit
and generates control information based on the running status. For example, the SRU
periodically detects whether each board is in position and adjusts the rotating speed of
the fan module. In addition, the SRU can test remotely or locally or in-service upgrades
system units through the JTAG bus.
The main control module, clock module, and LAN switch module work in 1+1 hot backup mode, thus
improving system reliability.
Table 4-14 Interfaces on the SRU
Interface Connec Description

tor
Ethernet RJ45 One Ethernet interface: It connects to the Network Management
(10M/100 (NM) workstation.
M/1000M
Base-TX
auto-sensi
ng)
AUX RJ45 One AUX interface: It connects to a Modem for remote
interface maintenance through a dialup connection.
CF card TYPE II Two CF cards: It is swappable. The CF card on the SRU panel
interface standard serves as a mass storage device to store data files.
(compat
ible with
the
TYPE I
standard
)
USB USB 2.0 Two USB interfaces: They are used for upgrading software
interface package and copying logs.
GE/2.5G LC Two GE/2.5G SFP interfaces: They are used for centralized
SFP management.
CLK SMB Two SMB connectors and two RJ45 connectors: They are used to
RJ45 receive or transmit clock signals.

4.2.6 SFU
As the switching network unit, the SFU switches data for the entire system.
On the CX600-X8, one independent SFU and two SFU modules on the SRUs constitute three
switching planes that work in 2+1 load balancing mode. When any of the SFUs is faulty or
removed, the traffic is shared by the other two SFUs. In this manner, traffic in the entire
system is not affected.
Detecting voltage, current, and temperature.
Providing protections against over-voltage, over-current, and over-heat.

Switching capacity of 1.44 Tbit/s Bidirectional
the system
Load balancing mode 2+1 CX600-X8 has two SFU modules on
the SRUs and one independent SFU.

bandwidth.



1588v2.

MVPN, and IPv6.

Card
Flexible Card
Flexible Card
Flexible Card
Card


1588v2.
1588v2.

bandwidth.
through licenses.


1588v2.
in IEEE 1588v2.
1588v2.
in IEEE 1588v2.

4.2.8 SPUC
that of SPUCs.
4.3 CX600-X3
4.3.1 Chassis
4.3.2 FAN
4.3.3 Power Supply
4.3.4 Board Cage
4.3.5 MPU
4.3.6 Power Supply
4.3.8 SPUC
4.3.1 Chassis
The dimensions of the CX600-X3 vary with the types of power modules.
The CX600-X3 with DC power modules is 4 U high and the dimensions are 442 mm *
650 mm * 175 mm (width * depth * height ). The CX600-X3 can be installed in a
19-inch standard cabinet or an N68E cabinet. Figure 4-12 shows the appearance of the
CX600-X3.
The CX600-X3 with AC power modules is 5 U high and the dimensions are 442 mm *
650 mm * 220 mm (width * depth * height ). The CX600-X3 can be installed in a
19-inch standard cabinet or an N68E cabinet. Figure 4-13 shows the appearance of the
CX600-X3.

Figure 4-12 Appearance of the CX600-X3 (DC power modules )
1. Air intake frame 2. Rack-mounting ear 3. LPU 4. Cabling rack

5. MPU 6. Fan module 7. Power module Air filter

Figure 4-13 Appearance of the CX600-X3 (AC power modules )
1. Air intake frame 2. Rack-mounting ear 3. LPU 4. AC power module

5. Cabling rack 6. MPU 7. Fan module Air filter
4.3.2 FAN
Ventilation and heat dissipation of the AC chassis as same as the DC chassis.
Ventilation and heat dissipation of the CX600-X3 is performed from left to right for the
boards.

Figure 4-14 Airflow of the CX600-X3
Table 4-19 Technical parameters of the CX600-X3 fan module

Item Description
Dimensions 184 mm * 450 mm * 127 mm (W * D * H )
Weight 1.5 kg
Maximum blast volume 850 m^3/h
Maximum noise 88 dB
4.3.3 Power Supply

The DC power modules of the CX600-X3 work in 1+1 backup mode. When one power
module is faulty, the other one can still supply sufficient power for the entire system.
The air circuit breaker of the DC power module is 50 A; the system power is 1200 W, with
450 W per slot.
Table 4-20 Technical parameters of the CX600-X3 DC power supply
Item Description
Weight 0.6 kg
Input voltage –38 V DC to –72 V DC
Maximum input current 50 A
Rate power 1600 W

Item Description
Rated current of the air switch 63 A
The CX600-X3 has two AC-DC power modules working in 1+1 backup mode. The power
modules are located on the front of the chassis and are accessed from the front panel.
Table 4-21 Technical parameters of the CX600-X3 AC-DC power supply
Item Description
Dimensions 42 mm * 117 mm * 208 mm
Weight 1.7 kg
Input voltage 90 V AC to 280 V AC; 50/60Hz
Input surge current 20 A
Output voltage -53.5 V DC
4.3.4 Board Cage

The CX600-X3 has one board cage, which has five slots. The slots can hold three LPUs and
two MPUs. Figure 4-15 shows the board cage of the CX600-X3.
The CX600-X3 does not have any SFU. The data exchange through the backplane, the switching
capacity is 240 Gbits/s.
Figure 4-15 Board cage of the CX600-X3
MPU MPU 45
LPU 3
LPU 2
LPU 1

Slot Number Quantity Boards to Be Installed

1 to 3 3 LPUs
4 and 5 2 MPUs in 1:1 backup
4.3.5 MPU
The CX600-X3 can work with either a single MPU or two MPUs in backup mode.
When the CX600-X3 is equipped with two MPUs, the master MPU works in the active state
and the slave MPU is in standby state. You cannot access the network management interface
of the slave MPU, or configure commands on the console or the AUX interface. The slave
MPU exchanges information (including heartbeat messages and backup data ) only with the
master MPU. Data is synchronized through high reliability mechanisms such as the batch
backup and real-time backup between the master and slave MPUs. After the master and slave
switchover, the slave MPU can replace the master MPU and take over the entire system. The
system supports the setting of the default master MPU. During the start process, the MPU that
you set wins the competition and becomes the master MPU.
MPUs support two switchover modes: failover and manual switchover. The failover is
triggered by serious faults or resetting of the master MPU. The manual switchover is triggered
by commands that are run on the console or the AUX interface, or the network management
interface.
The MPU is an integrated unit of multiple functional modules. The MPU provides the
functions as described below by integrating such units as the system control and management
unit, the switching unit, the system clock source, and the maintenance and management unit.
The functions and hardware implementation of each module is independent.
Core Unit for System Control and Management
Carrying out routing protocols: The MPU is used for packet broadcast, packet filtering,
Managing and communicating the boards: The LAN switch module integrated on the
MPU can carry out the outer band communications among boards. Through the outer
band management bus, it can manage the LPU, and the standby MPU, and implement
their communications.
Configuring data: The MPU carries out system data configuration and startup files,
charging, software upgrade and running logs storage. The CF card on the MPU panel is
used to store logs of the system and is hot swappable. The CF card inside the MPU is
used to store system files and is not hot swappable.
management interface ) on the MPU carry out management and maintenance of the
system
System Clock Unit
The MPU provides LPUs with reliable synchronous SDH interface clock signals.
The MPUs of the CX600-X3 support clock synchronization that complies with IEEE
1588v2.

System Maintenance Unit

The MPU periodically collects the running data of system units through the Monitorbus,
and generates control information based on the running state. For example, the MPU
the fan module. In addition, the MPU can perform local or remote test or online upgrade
of system units through the JTAG bus and CAN bus.
The main control module, clock module, and LAN switch module work in 1+1 hot backup mode, and
thus improving the reliability of the system.
Table 4-23 The interfaces on the MPU

Ethernet RJ45 One Ethernet interface: It is used for system maintenance.
(10M/100
M/1000M
Base-TX
auto-sensi
ng )
interface maintenance through a dial-up connection.
CF card TYPE II Two CF cards: They are swappable. The CF card on the MPU
interface standard panel serves as a mass storage device to save data files.
(compatible
with TYPE
I standard )
CLK RJ45 Two RJ45 connectors: It is used to receive or transmit the
DCLS/PPS 1588V2 clock signals.
4.3.6 Power Supply

The CX600-X3 provides the following power supplies:
DC power supply
AC power supply
The power modules of the CX600-X3 work in 1+1 backup mode. When one power module is
faulty, the other one can still supply sufficient power for the entire system.
The DC power module outputs:
Primary straight-through power
Secondary –48 V DC regulated voltage
The DC power module provides protections against the following:
Short circuit
Over-current

Over-voltage
Short circuit
It also supports the alarm function.
Table 4-24 Technical parameters of the CX600-X3 DC power module
Item Description
Weight About 9 kg
Input rated voltage –48 V DC
Maximum Active 85 A
output current
Standby 6A
The AC power module provides protections against the following:

Output over-current
Output over-voltage
Output under-voltage
Input over-voltage
Input under-voltage
Over-temperature
Short circuit
Table 4-25 Technical parameters of the AC-DC power supply
Item Description
Weight About 9 kg
Input rated voltage 200 V AC to 240 V AC; 50/60 Hz
Input voltage 180 V AC to 275 V AC; 50/60 Hz

Item Description
Output voltage –48 V DC
Maximum Active 56.5 A
output current
Standby 6A

bandwidth.

1588v2.



MVPN, and IPv6.

Card
Flexible Card
Flexible Card
Flexible Card
Card
1588v2.
1588v2.


bandwidth.
through licenses.

1588v2.
in IEEE 1588v2.
1588v2.
in IEEE 1588v2.
4.3.8 SPUC
that of SPUCs.

4.4 CX600-16
4.4.1 Chassis
4.4.2 Fan
4.4.3 Power Supply
4.4.4 LCD
4.4.5 Board Cage
4.4.6 MPU
4.4.7 SFU
4.4.9 SPUC
4.4.1 Chassis
The dimensions of the CX600-16 are 442 mm * 669 mm * 1600 mm (width * depth * height).
The CX600-16 can be mounted in a standard 19-inch cabinet or an N68E cabinet.
Figure 4-16 shows the appearance of the CX600-16.

Figure 4-16 Appearance of the CX600-16
1. LCD 2. Fan module 3. Cabling trough

4. Board cage 6. Air intake frame 7. Plastic panel of the power module
8. Power module 9. Rack-mounting ear 10. Handle
4.4.2 Fan
Ventilation and heat dissipation of the CX600-16 are performed from bottom up for the
boards.
The fans integrated on the power module are located at the bottom of the integrated chassis.
The air channels of the power module and the board cage are separated from each other. The
air flows from the front of the power module to the back for ventilation and heat dissipation.

Figure 4-17 Airflow of the CX600-16
CX600-16 has two fan modules working at the same time. When one fan module fails, the
fans in the other fan module can rotate at full speed and meet the heat dissipation
requirements.
Table 4-29 Technical parameters of the fan module

Item Description
Dimensions 193 mm * 520 mm * 177 mm (W * D * H)
Weight 7.2 kg

Item Description
Maximum noise 65 dB
Operating voltage –57 V to –36 V
4.4.3 Power Supply

CX600-16 adopts switched-mode power supply (SMPS). The first convertor power for the
yellow area, the second convertor power for the grey area, and the third convertor power for
the blue area.
Figure 4-18 Relationship between the power modules and slots
1 2 3 4 17 18 5 6 7 8 9
L L L L M ML L L L L
P P P P P P P P P P P
U U U UU UU U U U U
L L L L S S S S L L L
P P P P F F F F P P P
10 11 12 13 19 20 21 22 14 15 16
The DC power modules of the CX600-16 work in 1+1 backup mode. Located behind the
plastic panel, the DC power modules input DC power and distribute power for the system.
The power modules input three channels of power and adopt the switched-mode power supply
(SMPS). Each of the power modules inputs three channels of the –48 V DC power at the same
time. The three channels supply power for different modules.
The power modules can output primary straight-through power and secondary –48 V DC
regulated voltage.
The primary straight-through power provides short-circuit protection.

The secondary regulated voltage output provides output over-current protection, output
over-voltage protection, short-circuit protection, and alarms.
Table 4-30 Technical parameters of the DC-DC convertor
Item Description
Weight About 9 kg
Input rated voltage –48 V DC
Input current 60A (-48)
Maximum Input current 75A * 3
Rated current of the air-break 80A
The AC power modules of the CX600-16 work in 1+1 backup mode. Located behind the
plastic panel, the AC power modules input AC power and distribute power for the system.
The maximum output power of the AC power module on the CX600-16 is 5000 W.
The AC power module provides protections against the following:
Output over-current
Output over-voltage
Input over-voltage
Input under-voltage
Over-temperature
Short circuit
Table 4-31 Technical parameters of the AC-DC power module

Item Description
Weight About 25 kg
Input rated voltage 180 V AC to 240 V AC; 50/60 Hz
Maximum input current 3 * 10 A
Rated output current The current of board consume: 86 A
The current of fan consume: 10 A

Item Description
Rated output power 5000 W
4.4.4 LCD
The LCD is used to display information and the status of the board, environment, fan module,
and power module.
The LCD supports two display modes:
Idle mode: the default mode. It is used to display the normal status of the system.
Menu query mode: It can support 3-level menus at most.
Figure 4-19 shows the appearance of the LCD.
Figure 4-19 Appearance of the LCD
4.4.5 Board Cage

As shown in Figure 4-20, the CX600-16 has two board cages, each of which has 11 slots. The
slots can hold 16 LPUs or NetStream SPUs, four SFUs, and two MPUs.

Figure 4-20 Board cage of the CX600-16
1 2 3 4 17 18 5 6 7 8 9
L L L L M M L L L L L
P P P P P P P P P P P
U U U UU U U U U U U
L L L L S S S S L L L
P P P P F F F F P P P
10 11 12 13 19 20 21 22 14 15 16
Table 4-32 Slot layout of the CX600-16
Slot Number Number Slot Width Boards to Be Installed

1 to 16 16 41 mm (1.6 inches) LPUs or SPUs
17 and 18 2 30 mm (1.2 inches) MPUs, which work in 1:1 backup
mode
19 to 22 4 36 mm (1.4 inches) SFUs, which work in 3+1 backup
mode
4.4.6 MPU
The CX600-16 can work with either a single MPU or two MPUs in backup mode.
When the CX600-16 is equipped with two MPUs, the master MPU works in the Active state
and the slave MPU is in the Standby state. You cannot access the management interface of the
slave MPU, or configure commands on the console or the AUX interface. The slave MPU
exchanges information (including heartbeat messages and backup data) only with the master
MPU. Data is synchronized through high reliability mechanisms such as the batch backup and
real-time backup between the master and slave MPUs. After the master/slave switchover, the
slave MPU can take the place of the master MPU and take over the entire system. The system
supports the setting of the default master MPU. During the start process, the MPU that you set
wins the competition and becomes the master MPU.

MPUs support two switchover modes: failover and manual switchover. Failover is triggered
by serious faults or resetting of the master MPU. The manual switchover is triggered by
commands that are run on the console or the AUX interface.
The MPU integrates multiple functional modules such as the clock module, LAN switch
module, and Compact Flash (CF) module. As the system clock source and the management
and maintenance unit, the MPU runs as the core of system control and management. It
provides the functions of the control plane and the maintenance plane.
The MPU controls and manages the system. It is designed in 1:1 backup mode. The MPU is
composed of the main control unit, system monitoring unit, management bus switching unit,
and the clock system.
The main control unit of each MPU is connected to the management bus switching unit
of both the master and the slave MPUs. It controls and manages all the functional units
such as MPUs, SFUs, and LPUs. The main control unit also communicates with the
system monitoring unit. The system monitoring unit reports the status and environment
information about the monitoring plane to the management control plane. The
management control plane then sends control signals to the monitoring plane.
The system monitoring unit communicates with the monitoring units in other boards or
subsystems through the Monitorbus. It collects the system monitoring information and
interacts with the system main control unit. In addition, it monitors the status and
environment of the MPU and controls the power-on and power-off of the MPU.
The management bus switching unit carries out the switching of the management bus. It
connects to the control units of two MPUs, all LPUs, and SFUs. Thus, there are two sets
of management buses in the system to perform the master/slave backup protection no
matter which MPU is in master mode.
Figure 4-21 Management bus connection
LPU 1 Management bus

switching unit
... MPU
System (Master)
LPU 16 monitoring unit
SFU 1 Management bus

switching unit MPU
...
(Slave)
System
SFU 4
monitoring unit
System clock unit

The MPU provides LPUs with reliable synchronous SDH interface clock signals.

Table 4-33 Interfaces on the MPU

Ethernet RJ45 Two Ethernet interfaces: One is used for system
(10M/100M/1 maintenance; the other is used as a cascading interface in a
000M multi-chassis system.
Base-TX
auto-sensing)
interface configuration.
AUX interface RJ45 One AUX interface: It connects to a Modem for remote
maintenance through a dial-up connection.
CF card TYPE II One CF card: It is swappable. The CF card on the SRU
interface standard panel serves as a mass storage device to save data files. In
(compatible addition, there is a CF card inside the MPU.
with TYPE I
standard)
CLK SMB Four SMB connectors: They are used to receive or
transmit the 2.048 MHz or 2.048 Mbit/s clock signals.
4.4.7 SFU
As the switching network unit of the CX600-16, the SFU switches data for the entire system.
The SFUs work in 3+1 load balancing and backup mode. The four SFUs work at the same
time to share data processing. When an SFU is faulty or replaced, the remaining three SFUs
automatically carry out load balancing without affecting services.
Detects voltage, current, and temperature.
Provides protections against over-voltage, over-current, and over-heat.
The SFU provides the clock synchronization function. The clock synchronization units of the
two SFUs back up each other.

Switching capacity of a 160 G or 640 G Bidirectional
board
Switching capacity of 640 G or 2.56 T Bidirectional
the system
Load balancing mode of 3+1 -
SFUs
Synchronization clock On two SFUs and in backup mode -


bandwidth.


1588v2.

MVPN, and IPv6.


Card
Flexible Card
Flexible Card
Flexible Card
Card
1588v2.
1588v2.

bandwidth.
through licenses.


1588v2.
in IEEE 1588v2.
1588v2.
in IEEE 1588v2.
4.4.9 SPUC
that of SPUCs.
4.5 CX600-8
4.5.1 Chassis
4.5.2 FAN
4.5.3 Power Supply
4.5.4 Board Cage
4.5.5 SRU

4.5.6 SFU
4.5.8 SPUC
4.5.1 Chassis
The chassis of theCX600-8 is 20 U high and the dimensions are 442 mm x 669 mm x 886.2
mm (width x depth x height). The CX600-8 can be installed in a 19-inch standard cabinet or
an N68E cabinet. Figure 4-22 shows the appearance of the CX600-8.
Figure 4-22 Appearance of the CX600-8
1. Panel of the 2. Fan 3. Board cage 4. Air intake 5. Plastic panel of the
fan frame frame frame power module
6. Power 7. Handle 8. Rack-mounting 9. Cabling
module ear trough

4.5.2 FAN
Air is drawn into the chassis and flows from bottom to up in the chassis for the ventilation and
heat dissipation of the boards installed on theCX600-8.
The fans integrated on the power module are located at the bottom of the integrated chassis.
The air channels of the power module and the board cage are separated from each other. The
air flows from the front of the power module to the back for ventilation and heat dissipation.
Figure 4-23 Airflow of the CX600-8
The CX600-8 has one fan frame in which there are nine fans.
Table 4-38 Technical parameters of the CX600-8 fan module

Item Description
Dimensions 410 mm x 520 mm x 44.45 mm (width x depth x height)
Weight 5 kg
Maximum noise 65 dB

4.5.3 Power Supply

The CX600-8 provides the following power supplies:
DC power supply
AC power supply
The power modules of the CX600-8 work in 1+1 backup mode. When one power module is
faulty, the other one can still supply sufficient power for the entire system.
The DC power module outputs:
Primary straight-through power
Secondary -48 V DC regulated voltage
The DC power module provides protection against the following:
Over-current
Over-voltage
Short circuit
Table 4-39 Technical parameters of the CX600-8 DC power module
Item Description
Weight About 9 kg
Maximum Active 75 A
output current
Standby 5A
The AC power module provides protection against the following:

Output over-current
Output over-voltage
Input over-voltage
Input under-voltage
Over-temperature

Short circuit
Table 4-40 Technical parameters of the AC-DC power supply
Item Description
Dimensions 184 mm x 450 mm x 127 mm (weight x depth x height)
Weight About 9 kg
Input voltage 180 V AC to 275 V AC; 50/60 Hz
Output voltage -48 V DC
Maximum output current 62.5 A
4.5.4 Board Cage

The CX600-8 has one board cage, which has 12 slots. The slots can hold eight LPUs, two
SFUs (sharing one slot), and two SRUs.
Figure 4-24 shows the board cage of the CX600-8.
Figure 4-24 Board cage of the CX600-8
1 2 3 4 9 11 10 5 6 7 8
S
F
L L L L S U S L L L L
P P P P R R P P P P
U U U U U S U U U U U
F
U
1 2 3 4 9 1210 5 6 7 8
Table 4-41 Slot layout on the CX600-8

1 to 8 8 41 mm (1.6 inches ) LPUs


9 and 10 2 36 mm (1.4 inches ) SRUs, on which the MPUs work
in 1:1 backup mode
11 and 12 2 36 mm (1.4 inches ) SFUs, with which the SFU
modules on the SRU work in 3+1
load balancing mode
4.5.5 SRU
The CX600-8 can work with either a single SRU or two SRUs in backup mode.
When the CX600-8 is equipped with two SRUs, the master SRU works in the Active state and
the slave SRU is in the Standby state. You cannot access the management interface of the
slave SRU, or configure commands on the console or the AUX interface. The slave SRU
exchanges information (including heartbeat messages and backup data) only with the master
SRU. Data is synchronized through high reliability mechanisms such as the batch backup and
real-time backup between the master and slave SRUs. After the master/slave switchover, the
slave SRU can replace the master SRU and take over the entire system. The system supports
the setting of the default master SRU. During the start process, the SRU that you set wins the
competition and becomes the master SRU.
SRUs support two switchover modes: failover and manual switchover. Failover is triggered by
serious faults or resetting of the master SRU. The manual switchover is triggered by
commands that are run on the console or the AUX interface.
The SRU is an integrated unit of multiple functional modules. The SRU provides the
functions as described below by integrating such units as the system control and management
unit, the switching unit, the system clock source, and the maintenance and management unit.
The functions and hardware implementation of each module are independent.
Core unit for system control and management
Carrying out routing protocols: The SRU is used for packet broadcast, packet filtering,
Carrying out the management of and communications between boards: The LAN switch
module integrated on the SRU can carry out the outer band communications among
boards. Through the outer band management bus, it can manage the LPU, the SFU and
the standby SRU, and implement their communications.
Configuring data: The SRU provides system configuration data, startup files, upgrade
software, and log information. The CF card on the SRU panel is used to store logs of the
system and is hot swappable. The CF card inside the SRU is used to store system files
and is not hot swappable.
interfaces) on the SRU carry out management and maintenance of the system
Parts on the SFU
The two SFUs and two SFU modules on the SRU of the CX600-8 constitute four
forwarding planes that work in 3+1 load balancing mode.
As the clock synchronization unit for data switching, the SRU ensures the clock
synchronization between the SFUs and the LPUs.
System clock unit

The SRU provides LPUs with reliable synchronous SDH interface clock signals.
System maintenance unit
The SRU periodically collects the operation data of system units through the Monitorbus,
and generates control information based on the operation status. For example, the SRU
the fan module. In addition, the SRU can perform local or remote test or online upgrade
of system units through the JTAG bus and CAN bus.
The main control module, clock module, and LAN switch module work in 1+1 hot backup mode,
improving the reliability of the system.
Table 4-42 Interfaces on the SRU

Ethernet RJ45 Two Ethernet interfaces: One is used for system maintenance;
(10M/100 the other is used as a cascading interface in a multi-chassis
M/1000M system.
Base-TX
auto-sensi
ng )
interface configuration.
interface maintenance through a dial-up connection.
CF card TYPE II Two CF cards: It is swappable. The CF card on the SRU panel
interface standard serves as a mass storage device to save data files.
(compatible
with TYPE I
standard )
CLK SMB Four SMB connectors: They are used to receive or transmit the
2.048 MHz or 2.048 Mbit/s clock signals.
4.5.6 SFU
As the switching network unit, the SFU switches data for the entire system.
The SFUs on the CX600-8 work in 3+1 load balancing mode. Four SFUs work at the same
time and share the traffic. When any of the SFUs is faulty or removed, the traffic on the SFU
is shared by the other three SFUs. In this manner, traffic in the entire system is not affected.
Detecting voltage, current, and temperature
Providing protections against over-voltage, over-current, and over-heat

Table 4-43 The parameter of SFU

Switching 640 G Bidirectional
capacity of the
system
Load balancing 3+1 CX600-8 has two SFU modules on the SRUs
mode and two independent SFUs.

bandwidth.


synchronization. In addition, ports
0 or 1 support synchronization of
sending and receiving clock
signals simultaneously; other ports
support only synchronization of
sending clock signals.
IEEE 1588v2.



LPUF-21 provides LPUF-21-A and LPUF-21-B two type motherboard. LPUF-21-A supports
all software features, while LPUF-21-B supports the software features except L3VPN, MVPN,
and IPv6.
Table 4-45 lists the flexible plug-in cards supported by the LPUF-21

Card
Flexible Card
4-Port 10GBase WAN/LAN-XFP Optical Interface Occupy two sub-slots.
Flexible Card
Flexible Card
Card
48-Port 10/100Base Delander Flexible Card Occupy two sub-slots.
1-port 10G Base WAN/LAN-XFP Flexible Card A Occupy one sub-slot. it supports
1588v2.
12-port 100/1000Base-SFP Flexible Card A Occupy one sub-slot.. it supports
1588v2.
2-Port 10GBase WAN/LAN-XFP+20-Port Occupy two sub-slots.
2-Port 10GBase WAN/LAN-XFP+20-Port Occupy two sub-slots. Supporting
100/1000Base-SFP Flexible Card A IEEE1588v2.
1-Port 10GBase WAN/LAN-XFP Flexible Card B Occupy one sub-slot and supports
PPPoE.


12-port 100/1000Base-SFP Flexible Card B Occupy one sub-slot and supports
PPPoE.
1-port 10G Base WAN/LAN-XFP Flexible Card Q Occupy one sub-slot and supports
PPPoE, Enhanced QoS and the
1588v2.
4.5.8 SPUC
that of SPUCs.

5 Link Features
5 Link Features
About This Chapter

5.1 Ethernet Link Features
5.2 FR Link Features
5.3 POS Link Features
5.4 CPOS Link Features
5.5 ATM Link Features
5.6 TDM Link Feature
5.7 CE1/CT1/E3/T3/CT3 Link Features
5.8 MC-Trunk
5.9 MC-APS
5.1 Ethernet Link Features

5.1.1 Basic Features
5.1.2 Eth-Trunk
5.1.3 Virtual Ethernet Interface
5.1.1 Basic Features

The Ethernet link provided by the CX600 has the following features:
VLAN trunk
VLANIF interfaces
VLAN aggregation
Inter-VLAN interface isolation
Ethernet sub-interfaces
VLAN aggregation sub-interfaces
Ethernet clock synchronization

5 Link Features
5.1.2 Eth-Trunk
Ethernet bundling is a technology that bundles multiple physical Ethernet interfaces into a
logical interface (Eth-Trunk ) to increase bandwidth.
Eth-Trunks of the CX600 function as follows:
Supports the bundling of up to 16 physical Ethernet interfaces. Eth-Trunks function the
same as normal Ethernet interfaces.
Supports the bundling of interfaces with different rates.
Supports the active/standby mode and performs active/standby switchover automatically
in accordance with the link status of interfaces.
The CX600 supports the addition or deletion of member interfaces to or from an Eth-Trunk.
The CX600 can also sense the Up or Down state of member interfaces, thus dynamically
modifying the bandwidth of the Eth-Trunk.
Layer 2 Ethernet Bundling

When running the portswitch command on an Eth-Trunk, you can switch the Eth-Trunk to
the Layer 2 mode. The Eth-Trunk then provides the following features of the switched
Ethernet link:
VLANIF interfaces
Inter-VLAN interface isolation
VLAN aggregation
VLAN trunk
VLAN mapping
QinQ and VLAN stacking
Layer 2 features such as MSTP and RRPP
Layer 3 Ethernet Bundling

By default, an Eth-Trunk is a Layer 3 Ethernet bundling interface. The Eth-Trunk then
provides the following features of the routed Ethernet link:
IPv4/IPv6 forwarding
MPLS forwarding
Multicast forwarding
L3VPN
L2VPN
The Layer 3 Eth-Trunk supports the creation of sub-interfaces. Each Layer 3 Eth-Trunk
supports a maximum of 4000 sub-interfaces.
LACP (802.3ad)
The CX600 supports link aggregation in Link Aggregation Control Protocol (LACP) static
mode. Link aggregation in static LACP mode is in contrast with port bundling in manual
mode. Port bundling in manual mode requires neither LACP nor exchange of protocol packets.
The ISP alone decides the bundling of ports. Link aggregation in LACP static mode resorts to
LACP and automatically maintains the port status by exchanging protocol packets. The ISP,

5 Link Features
however, needs to set up the aggregation group and add member links. LACP cannot change
the configuration information.
The CX600 supports LACP that conforms to IEEE 802.3ad. Administrators can create an
Eth-Trunk, add member ports to the Eth-Trunk, and enable LACP on the Eth-Trunk. The
CX600 negotiates with the peer device to determine the interfaces for data forwarding by
exchanging LACP protocol packets. That is, they negotiate to determine whether the
outbound interfaces are in the Selected or Standby state.
LACP maintains the link status based on the port status. LACP adjusts or disables link
aggregation in the case of aggregation changes.
5.1.3 Virtual Ethernet Interface

The CX600 supports virtual Ethernet (VE) interfaces. After the ATM PVC is mapped to the
manually-created VE interfaces, Ethernet frames can be transmitted over the ATM Adaptation
Layer (AAL5). The VE interfaces thus provide Layer 2 switched and Layer 3 IP services.
5.2 FR Link Features

Frame Relay (FR) is a fast packet switching technology used to forward and switch data in a
simple manner on the link layer.
FR carries out only functions of the physical layer and data link layer in the Open Systems
Interconnection (OSI) reference model. Flow control and error correction are implemented by
the intelligent terminal. This shortens the period of packet processing, increases the network
throughput, and shortens the transmission delay.
FR uses virtual circuits (VCs) to make a full use of network resources. Therefore, FR features
large throughput and short delay. It is applicable to burst services.
The CX600 provides the following FR features:
Data Link Control Identifier (DLCI)
VC: Permanent Virtual Circuit (PVC) and Switching Virtual Circuit (SVC)
FR address mapping
FR Local Management Interface (LMI)
FR sub-interfaces
FR switch PVC backup
FR compression
Multilink Frame Relay (MFR)
5.3 POS Link Features

5.3.1 SDH/SONET Encapsulation
5.3.2 POS Interfaces
5.3.3 POS Sub-interfaces
5.3.4 IP-Trunk

5 Link Features

The physical layer of the Packet Over SDH/SONET (POS) link adopts Synchronous Optical
Network (SONET) defined by the American National Standards Institute (ANSI) or
Synchronous Digital Hierarchy (SDH) defined by the International Telecommunication
Union-Telecommunication Standardization Sector (ITU-T). POS interfaces provide alarms for
the physical layer.
5.3.2 POS Interfaces

The CX600 provides POS interfaces at a rate of 155 Mbit/s, 622 Mbit/s, 2.5 Gbit/s, 10 Gbit/s.
POS interfaces support the following protocols on the data link layer:
Point-to-Point Protocol (PPP)
High-level Data Link Control (HDLC)
FR (Frame Relay)
PPP on POS interfaces supports the following:
Link Control Protocol (LCP)
Internet Protocol Control Protocol (IPCP)
Multiprotocol Label Switching Control Protocol (MPLSCP)
Multilink Protocol (MP)
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
5.3.3 POS Sub-interfaces

On the CX600, you can manually create POS sub-interfaces to provide multiple logical links
over a POS link. Then, you need to configure FR on the link layer of POS sub-interfaces to
interwork with the network-layer devices that support POS FR or with FR switches that
support POS interfaces. POS sub-interfaces support the point-to-point (P2P) mode and the
point-to-multipoint (P2MP) mode.
5.3.4 IP-Trunk
When HDLC is adopted on the link layer of POS interfaces, you can bundle multiple POS
interfaces into a logical interface, namely, an IP-Trunk.
You can configure IP-Trunks to implement routing protocols and carry MPLS and VPN
services. The physical POS interfaces that are bundled into an IP-Trunk are called member
interfaces. All configurations on an IP-Trunk also take effect on the member interfaces. The
member interfaces use the IP address of the IP-Trunk.
IP bundling has the following advantages:
Increased bandwidth: The bandwidth of an IP-Trunk is the total bandwidth of all member
interfaces.
Improved reliability: When a link fails, traffic is automatically switched to other links.
This ensures the reliability of the connection.
Load balancing: Load balancing is implemented between different flows. Flows with
different source and destination IP addresses are carried over different links. The same
flow is carried over one link.

5 Link Features
Figure 5-1 Diagram of an IP-Trunk
Trunk
The CX600 supports IP bundling in the following cases:

Inter-board IP bundling
IP bundling of channels with different rates
Dynamic creating and removing of IP-Trunks
Bundling of a physical channel into an IP-Trunk by using commands on physical
interfaces
5.4 CPOS Link Features

In a network, a great number of access devices are connected to the upstream convergence
devices through the low-speed E1/T1 interfaces. In this case, the convergence devices need to
possess the capabilities of converging a great number of low-speed E1/T1 or POS interfaces.
The CPOS interfaces of various rates supported on the CX600 can meet the preceding
requirements.
5.4.1 Channelization
5.4.2 PPP/HDLC/TDM
5.4.1 Channelization
A CPOS interface is a channelized POS interface. In channelization, multiple independent
channels of data are transmitted over an optical fiber by using low-speed tributary STM-N
signals. During the transmission, each channel has its own bandwidth, start and end points,
and follows its own monitoring policy. Channelization can make full use of bandwidth in
transmitting multiple channels of low-speed signals.
The channelization granularity of CPOS interfaces is as follows:
A 155-Mbit/s CPOS interface can be channelized into 63 E1 channels, 84 T1 channels,
or N x 64K channels.
A 155-Mbit/s CPOS interface can be channelized into 3 E3/T3 channels.
After being channelized from the CPOS interface, the E1 interface can transparently transmit
unstructured TDM services over the MPLS PW, which complies with the SAToP protocol.
After being channelized from the CPOS interface, the E1 interface can transparently transmit
structured TDM services over the MPLS PW, which complies with the CESoPSN protocol.
5.4.2 PPP/HDLC/TDM
The CX600 provides CPOS interfaces at a rate of 155 Mbit/s. On the link layer, CPOS
supports the following protocols:
PPP
HDLC

5 Link Features
TDM
PPP on CPOS interfaces supports the following:
LCP
IPCP
MPLSCP
MP
PAP
CHAP
5.5 ATM Link Features

5.5.2 PVP/PVC
5.5.3 IPoA
5.5.4 ATM Sub-interfaces
5.5.5 ATM OAM
5.5.6 1483B
5.5.7 ATM Cell Transport
5.5.8 ATM E1 IMA

ATM interfaces on the CX600 support SONET/SDH encapsulation, and the SONET/SDH
overhead configuration, and physical layer alarms.
5.5.2 PVP/PVC
ATM interfaces support PVP/PVC in the following aspects:
VP/VC-based traffic shaping
User-to-Network Interface (UNI) signaling
RFC 1483: Multiprotocol Encapsulation over ATM Adaptation Layer 5
RFC 1577: Classical IP and ARP over ATM
F4 or F5 end-to-end loopback Operation, Administration, and Maintenance (OAM)
ATM Adaptation Layer 5 (AAL5)
Non-real-time Variable Bit Rate (nrt_VBR)
Unspecified Bit Rate (UBR)
Real-time Variable Bit Rate (rt_VBR)
Constant Bit Rate (CBR)

5 Link Features
5.5.3 IPoA
IP over ATM (IPoA) is a technology that bears IP services over the ATM network. It inherits
the fundamentals of TCP/IP and regards the ATM network as a physical subnet. For IP
protocols, the ATM network is equivalent to the physical subnet such as the Ethernet. With
IPoA applied, users can directly run IP-based network protocols and applications on the ATM
network.
The CX600 supports the following modes in setting up the mapping between PVCs and the IP
address of the peer device:
Static mapping
Inverse Address Resolution Protocol (InARP)
5.5.4 ATM Sub-interfaces

The CX600 supports ATM sub-interfaces. ATM interfaces support multiple virtual
connections of which the peer networks are in different network segments. In this manner,
ATM sub-interfaces should be created so that the CX600 can communicate with different
peers. Multiple PVCs can be created on an ATM sub-interface.
5.5.5 ATM OAM

ATM OAM provides a mechanism to detect and locate faults, and verify network performance
without interrupting services. OAM provides the network with specific information by
inserting OAM cells with the standard structure into user cell flows.
The CX600 supports the F4 and F5 OAM. OAM can detect the Up and Down status of PVP
or PVC links.
5.5.6 1483B
RFC 1483 defines the technological standards of transmitting multi-protocol data units over
the ATM network. The standards are as follows:
1484 Bridged
It is applied to the bridged Protocol Data Units (PDUs ).
1483 Routed
It is applied to the routed PDUs.
RFC1483 Bridged encapsulates data packets of the network layer on the data link layer,
simulating the bridge function of the Ethernet network. In this manner, the terminal devices
on the user side and the bridge devices on the network side are connected.
Figure 5-2 shows the protocol stack of 1483B.

5 Link Features
Figure 5-2 Protocol stack of 1483B
TCP/UDP
IP
Ethernet
1483B
TCP/UDP AAL5
ATM
IP
Ethernet
ATM network
Access CX A
Router
The IPoE Ethernet protocol stack is applied to a device on the user side. After 1483B is
configured on the ingress CX A on the ATM network, CX A can encapsulate Ethernet frames
into ATM cells, so that the received IPoE packets can be transmitted transparently on the ATM
network.
IP over Ethernet over ATM (IPoEoA ) is the main application of 1483B supported by the
CX600. IPoEoA indicates that AAL5 bears Ethernet frames and Ethernet bears IP packets. In
this manner, the layer 2 forwarding of IPoEoA packets is implemented between the Ethernet
and PVC. IPoEoA converges the ATM backbone network and the IP network. IPoEoA
supports various Ethernet and IP services.
5.5.7 ATM Cell Transport

The objective of PWE3 is to connect the traditional network resources such as ATM, FR, and
Local Area Network (LAN ) through a PSN, and to emulate the traditional services over the
PSN. The emulation of the original services to the utmost on the PSN keeps the end user from
feeling differences. In this manner, it protects the settled investment of users and operators in
the network consolidation and establishment.
The Layer 2 emulation service on a PSN passes through the public or private PSN by setting
up P2P tunnels and bearing data packets, cells, and bit flows. PWE3 tries to emulate the
original services between the two PEs that are connected through a PW.
Figure 5-3 shows the encapsulation type of the label for ATM transparent cell transport over a
PSN.

5 Link Features
Figure 5-3 Networking diagram of ATM cell transport over a PSN
ATM Encapsulation
over PSN
PSN Transport Header Outer MPLS Label
Pseudo-wire Header Inner MPLS Label
MPLS PSN tunnel
identified by outer label ATM Control Word
ATM Service Payload

MPLS
ATM Service Network Pseudo-wire identified
by inner label
PSN Tunnel L2
L2
Network Network
Pseudo-wire
PE PE
ATM Service
The outer label is used to identify a PSN tunnel; the inner label is used to identify a PW.
ATM cell transport bears the following services though the PSN:
The PW payload is the ATM cell.
The PW payload is the AAL5 SDU/PDU.
ATM cell transport can migrate the functions of the earlier ATM network through the PSN
without adding new ATM devices or changing the configuration of the CE devices on the
ATM network. ATM CEs regard ATM cell transport as a TDM leased line to interconnect
ATM networks by transparently transporting cells through the PSN.
The CX600 supports the transparent transmission of ATM cells and AAL5 SDUs over PVCs
and PVPs. The CX600 supports the following ATM cell transport modes:
ATM whole port cell transport
1-to-1 VCC cell transport
N-to-1 VCC cell transport
1-to-1 VPC cell transport
N-to-1 VPC cell transport
ATM AAL5-SDU VCC transport
5.5.8 ATM E1 IMA

To improve utilization of links, inverse multiplexing over ATM (IMA ) is applied to ATM
physical interfaces. When users need to access an ATM network at a rate between T1/E1 and
T3/E3, IMA divides a high-speed link into multiple low-speed links, on which user data is
transmitted, and can then multiplex the low-speed links into the high-speed link. During the
process, the rate of the high-speed link is approximately equal to the sum of the rates of
multiple low-speed links.
IMA can dynamically allocate bandwidth. With IMA, links can be increased or decreased
without connection termination, and thus the bandwidth of a link that connects two ends can
be changed according to service volume. In this manner, bandwidth resources are saved.

5 Link Features
The following is a simple illustration about inverse multiplexing and de-multiplexing.
Figure 5-4 Inverse multiplexing and de-multiplexing of ATM cells in IMA group
IMA Group IMA Group

Physical Link #0
PHY PHY
Physical Link #1
PHY PHY
Single ATM Cell Stream Original ATM Cell

from ATM Layer Physical Link #2 Stream to ATM Layer
PHY PHY
IMA Virtual Link
Tx direction: cells distributed across links in round robin sequence
Rx direction: cells recombined into single ATM stream
The IMA interface periodically sends some special cells. The information contained in these
cells are used by the receiving end of IMA virtual links to recreate ATM cell flows. Before
recreating ATM cell flows, the receiving end should first adjust the link differential delay and
should remove the Cell Delay Variation (CDV ) imported by controlling cells. These types of
cells are called IMA Control Protocol cells (ICP ), and are used to define IMA frames.
Upon sending, the sending end should keep alignment with IMA frames on all links so that it
could detect the differential delay between links according to the arrival time of IMA frames
on different links and perform adjustment thereafter.
The cells are consecutively sent out at the sending end. If no cells on the ATM layer can be
sent between ICPs of an IMA frame, the IMA sending end keeps consecutive cell flows on the
physical layer by adding filler cells, which will be discarded at the IMA receiving end.
5.6 TDM Link Feature

In Time Division Multiplexing (TDM), a channel is divided into different timeslots. Voice
signals are sampled and quantized, and then occupy specific timeslots in specific order. In this
manner, multiple channels of signals are multiplexed into a channel of compound digital
signals at a high speed, that is, aggregate signals. Each channel of signals is transmitted
independently. Through Pulse Code Modulation (PCM), voice signals together with other
digital signals are transmitted over Plesiochronous Digital Hierarchy (PDH) links or
Synchronous Digital Hierarchy (SDH) links through TDM. Generally, PDH and SDH services
are called TDM services.

5 Link Features
Figure 5-5 TDM service
TDM supported on following interfaces:

CE1
CT1
cSTM-1 POS
In a packet switching network (PSN ), the circuit emulation services are used to transparently
transmit the TDM circuit. The CX600 supports TDM CES accessed by the E1 electrical
interfaces and the channelized STM-1 optical interfaces.
The CX600 uses the PWE3 technology to provide the CES.
The CES mainly applies to the wireless service and enterprise private line service. For 2G/3G
stations or enterprise private lines, the router equipment accesses E1 signals from E1 lines or
channelized STM-1 lines. The router equipment then encapsulates the E1 signals into packets,
which are then transported to the opposite end through the PW. Figure 5-6 shows the process.

5 Link Features
Figure 5-6 CES service application model
IP/MPLS backbone
Backbone layer
RNC
BSC
Convergence
layer
Access
layer
NodeB BTS BTS NodeB
CES
The CX600 supports the CES services in both the structured emulation mode and unstructured
emulation mode.
The structured emulation mode is also the structure-aware TDM circuit emulation service
over packet switched network (CESoPSN ) mode.
In this mode, the equipment detects the frame structure, framing scheme and timeslot
information in the TDM circuit.
In this mode, the equipment processes the overhead in the TDM frames and extracts the
payload. The equipment then places each channel of timeslots into the packet payload in
a certain sequence. In this way, each channel of services are fixed and known.
The unstructured emulation mode is also the structure-agnostic TDM over packet (SAToP )
mode.
In this mode, the equipment does not detect the structure of any TDM signals, but takes
signals as bit flow of the fixed rate. In this way, the overall bandwidth for the TDM
signals is emulated.

5 Link Features
In this mode, the overhead and payload in the TDM signals are transparently transmitted.
5.7 CE1/CT1/E3/T3/CT3 Link Features

The CX600 provides CE1, CT1, E3, T3, CE3, and CT3 interfaces.
Serial interfaces are channelized from CE1/CT1/E3/CE3/T3/CT3 interfaces and support the
following link protocols:
PPP
HDLC
ATM supported on CE1/CT1 interfaces
TDM supported on CE1/CT1 interfaces
PPP on serial interfaces supports the following:
LCP
IPCP
MPLSCP
MP
PAP
CHAP
5.8 MC-Trunk
A Multi-Chassis Trunk (MC-Trunk) is an extension of a trunk. In the MC-Trunk, a trunk is
divided into two sub-groups that connect to two routers respectively, rather than connect to
multiple LPUs on one router. These two routers are PE devices that back up each other. The
MC-Trunk provides reliability for Ethernet links, and also provides reliability for network
connections by connecting to two systems.

5 Link Features
Figure 5-7 MC-Trunk
PE1
Active
Standard Trunk
Trunk 1 MC-Trunk Provider

(Sub-group) Network
CPE
Trunk 1
Standby
PE2
As shown in Figure 5-7, LACP is used to manage trunk links, which ensures that one
sub-group connected to one PE device is in the Active state and the other is in the Standby
state. In this manner, no loop occurs. At the same time, the MC-Trunk control protocol is
running between the two PE devices. The MC-Trunk control protocol is IP based, and is run
between two devices that back up each other to synchronize the trunk status. When one PE
device fails, the other PE can still access the Customer Premises Equipment (CPE). The CPE,
however, is still configured with the standard trunk, and does not have to support the
MC-Trunk. Therefore, the MC-Trunk configured on the two PE devices is transparent for the
CPE.
5.9 MC-APS
Automatic Protection Switching (APS) provides protection of three levels:
Interface-level protection
Two protected interfaces are located on the same LPU to implement interface-level
protection. In this manner, services will not be interrupted until both interfaces become
faulty.
Board-level protection
Two protected interfaces are located on two LPUs of the same router to implement
board-level protection. In this manner, services will not be interrupted until both LPUs
become faulty.
Device-level protection
Two protected interfaces are located on two devices to implement device-level protection.
In this manner, services will not be interrupted until both devices become faulty.
The CX600 supports APS in either 1:1 or 1+1 mode. It takes less than 50 ms for
interface-level and board-level APS, and less than 200 ms for device-level APS.

6 Service Features
6 Service Features
About This Chapter

6.1 Ethernet Features
6.2 IP Features
6.3 Routing Protocols
6.4 MPLS
6.5 VPN Features
6.6 IPTN Features
6.7 QoS Features
6.8 Load Balancing
6.9 Traffic Statistics
6.10 IP Compression
6.11 MSE Features
6.12 Security Features
6.13 Network Reliability
6.14 Clock
6.1 Ethernet Features

6.1.1 Switched Ethernet Features
6.1.2 Routed Ethernet Features
6.1.3 QinQ
6.1.4 RRPP Link Features
6.1.5 RSTP/MSTP
6.1.6 BPDU Tunnel

6 Service Features
6.1.1 Switched Ethernet Features

The Ethernet interfaces on the CX600 can run as switched interfaces to provide VLAN, VPLS,
and QoS services. They can also run on the User Network Interface (UNI ) side to support
MPLS VPN.
VLAN Trunk
A trunk is a P2P link between two routers. The interfaces on the connected routers are called
trunk interfaces. One VLAN trunk can transmit data flows from different VLANs and allow
the VLANs to contain the interfaces of many routers. The CX600 can dynamically add, delete,
or modify the VLANs of a VLAN trunk to maintain the consistency of VLAN configurations
in the entire network. The CX600 can also work with non-Huawei devices for interworking.
VLANIF Interfaces
The CX600 supports VLANIF interfaces. You can assign IP addresses to VLANIF interfaces
and bind VLANIF interfaces to VPNs. This implements the Layer 3 access of VLANIF
interfaces. You can also bind VSIs to VLANIF interfaces to implement the VPLS access.
VLAN Aggregation
Inter-VLAN routing is involved in the communication between VLANs. If each VLANIF
interface is assigned an IP address, IP address resources will be used up.
You can aggregate a group of VLANs to a super-VLAN. The VLANs in the super-VLAN are
called branch VLANs. A super VLAN is associated with an interface at the IP layer. In
addition, all branch VLANs in the super-VLAN use IP addresses in the same network
segment to improve the utilization of IP addresses.
Interface Isolation in a VLAN

You can configure an interface in a VLAN as an isolated interface. Layer 2 forwarding is
prohibited between isolated interfaces. Layer 2 forwarding, however, is allowed between an
isolated interface and a non-isolated interface in a VLAN.
On the CX600, you can add the interfaces that need to be isolated in a VLAN to different
interface groups. Any two interfaces of different interface groups are isolated from each other.
The interfaces outside the groups are not isolated.
Ethernet Sub-interfaces
The CX600 supports the configuration of sub-interfaces for a switched Ethernet interface. You
can configure Layer 3 services on the sub-interfaces and Layer 2 services on the main
interface. In this manner, the switched Ethernet interfaces can support both Layer 2 and Layer
3 services.
6.1.2 Routed Ethernet Features

The Ethernet interfaces on the CX600 can run as routed interfaces to provide IPv4/IPv6,
MPLS, QoS, and multicast services.
Routed Ethernet interfaces can be configured with sub-interfaces. The sub-interfaces support
VLAN encapsulation used to terminate a VLAN.

6 Service Features
Ethernet Sub-interfaces
A common Ethernet sub-interface, which can belong to a VLAN only, functions as follows:
Terminates enterprise services.
Supports complete routing protocols.
Supports MPLS forwarding.
Super-VLAN Sub-interfaces
A super-VLAN sub-interface, which can belong to multiple VLANs, functions to terminate
the individual users' services. It supports the following features to ensure security:
DHCP relay
DHCP binding
URPF
ACLs
6.1.3 QinQ
The QinQ protocol is a Layer 2 tunneling protocol based on the IEEE 802.1Q technology. The
QinQ technology expands the VLAN space by adding a new tag to a packet that is already
tagged through IEEE 802.1Q. The private VLAN packets are thus transparently transmitted
across the ISP network. Those functions the same as a Layer 2 VPN. The packets transmitted
in the public network carry double 802.1Q tags, one for the public network and the other for
the private network. This is called 802.1Q-in-802.1Q, or QinQ for short.
The ISP network only provides one VLAN ID for different VLANs from the same user
network. This saves VLAN IDs of an ISP. Meanwhile, QinQ provides a Layer 2 VPN solution
that is easy to implement for LANs or small-scale MANs.
The QinQ technology can be applied to multiple services in Metro Ethernet solutions. QinQ
features the following:
Packets from different users in the same VLAN are not transmitted transparently.
Private networks are separated from the public network.
The ISP's VLAN IDs are saved to the maximum.
Without being a formal protocol, QinQ is widely applied among carriers because it is easy to
implement. The introduction to selective QinQ (VLAN stacking ) makes QinQ more popular
among carriers. With the development of the Metro Ethernet, all device vendors have put
forward their Metro Ethernet solutions. The QinQ technology plays an important role in the
solutions because of its simplicity and flexibility.
The CX600 provides rich QinQ features, which satisfies diverse networking requirements.
Interface-based QinQ
Figure 6-1 shows the networking diagram of applying interface-based QinQ. A user
configures interface-based QinQ on the router. When the user's packets, carrying the user's
VLAN tag, arrive at the router, the router takes the user's packets as untagged packets and
adds a VLAN tag of the ISP outside the existing VLAN tag. The user's packets then go
through the VLAN tunnel of the ISP and reach the remote user. The VLAN tag of the ISP is
stripped from the packets.

6 Service Features
Figure 6-1 Networking diagram of applying interface-based QinQ
VLAN100
CX
100 100 300
ISP
Network
200 200 300
VLAN200
Interface-based QinQ provides the following functions:

Access to the VPLS to transparently transmit private VLAN packets
Access to the VLL and PWE3 to transparently transmit private VLAN packets
VLAN-based QinQ
VLAN-based QinQ is also called selective QinQ. Figure 6-2 shows the networking diagram
of applying selective QinQ. With the development of services such as broadband access, VoIP,
and IPTV services, ISPs may want to assign inner VLAN tags to different services. For
example:
VLANs 1000–1999: broadband access services
VLANs 2000–2999: VoIP services
VLANs 3000–3999: IPTV services

6 Service Features
Figure 6-2 Networking diagram of applying VLAN-based QinQ
iManager N2000
IP backbone/MAN VOIP access

VLAN200 VLAN3xxx
Broadband access
IPTV access
VLAN100 VLAN1xxx
VLAN300 VLAN2xxx
Service gateway
VLAN2001 VLAN2002
VLAN3001 VLAN3002
VLAN1001 LAN Switch VLAN1002
PVC1001
PVC2001
PVC3001
PC IPTV Videophone PC IPTV Videophone
Users access the DSLAM through multiple PVCs. The DSLAM transfers PVC IDs to VLAN
IDs. You can enable selective QinQ on the gateway to apply an outer VLAN tag with the
VLAN ID as 100 to broadband access services, an outer VLAN tag with the VLAN ID as 200
to VoIP services, and an outer VLAN tag with the VLAN ID as 300 to IPTV services. This
breaks the limit of 4094 VLAN IDs for one ISP network. In addition, services are distributed,
which facilitates the ISP's service management.
Services are distributed in one of the following ways:
Adds different outer VLAN tags based on VLAN ranges, that is, changes packets with a
single tag to packets with double tags. In this manner, services from different terminals
are distributed.
Adds different outer VLAN tags based on different protocol numbers, that is, adds a tag
to protocol packets. In this manner, services from different terminals are distributed.
Changes outer VLAN tags based on the range of inner VLAN tags, that is, replacing a
single tag with another tag. In this manner, services of different use types are distributed.
This is also called VLAN mapping.
VLAN-based QinQ may serve as one of the VPLS modes to allow packets of private VLANs
to be transmitted transparently through the backbone network. It may also serve as one of the
L2VPN or PWE3 modes to allow packets of private VLANs to be transmitted transparently
through the backbone network. Such a QinQ mode is implemented on switched interfaces.
The differences between VLAN-based QinQ and interface-based QinQ are as follows:
In interface-based QinQ mode, user packets from the same user side are added with the
same outer VLAN tag on the PE.

6 Service Features
In VLAN-based QinQ mode, user packets from the same user side are added with
different outer VLAN tags according to user's VLAN tags.
Therefore, VLAN-based QinQ is more flexible than interface-based QinQ. VLAN-based
QinQ is thus called selective QinQ.
VLAN Stacking
The early QinQ technology is used on switches on Layer 2 networks. With VLAN stacking,
packets are forwarded at Layer 2 by means of the outer VLAN tag. The outer VLAN usually
refers to the VLAN to which an ISP network belongs. VLAN stacking is usually applied on
switched interfaces.
The sub-interfaces for VLAN stacking are deployed on PEs. A sub-interface identifies a user
VLAN and then performs VLAN stacking to user's Layer 2 packets. After that, packets are
forwarded at Layer 2 by means of the outer VLAN tag.
With a sub-interface for VLAN stacking, packets from a batch of user VLANs can be
transparently transmitted. Packets enter an L2VPN based on their outer VLAN tag after
VLAN stacking is implemented. The outer VLAN tag is transparent to the ISP. User packets
from different VLANs can thus be transparently transmitted.
VLAN stacking support the following:
Access to the VPLS through the sub-interfaces for VLAN stacking
Access to the VLL/PWE3 through the sub-interfaces for VLAN stacking
QinQ Termination
Sub-interfaces for QinQ VLAN tag termination refer to the sub-interfaces that terminate the
double VLAN tags of users. The difference between the sub-interfaces for QinQ VLAN tag
termination and the sub-interfaces for VLAN stacking is as follows: For the sub-interfaces for
QinQ VLAN tag termination, a PE removes the double VLAN tags of user packets when they
enter the ISP network.
Double VLAN tags for users have specific meanings. For example, the outer VLAN tag
specifies a service and the inner VLAN tag specifies a user. Sub-interfaces for QinQ VLAN
tag termination access the user and identify the service by terminating double VLAN tags.
Sub-interfaces for QinQ VLAN tag termination are similar to common VLAN sub-interfaces.
In addition, sub-interfaces for QinQ VLAN tag termination are used to terminate double
VLAN tags and provide the following functions:
IP forwarding
L3VPN/PWE3/VLL/VPLS access
Proxy ARP
Unicast routing protocols
VRRP
DHCP server and DHCP relay
Sub-interfaces for QinQ VLAN tag termination terminate double VLAN tags in the following
ways:
Exact termination
Double VLAN tags of specified VLAN IDs are terminated.

6 Service Features
Fuzzy termination
Double VLAN tags of VLAN IDs in a specified range are terminated.
Compatibility of QinQ EType in the Outer Tag

As defined in 802.1Q, the value of the EType field in the Tag Protocol Identifier (TPID ) is
fixed to 0x8100. In QinQ encapsulation, the value of the EType field in the TPID in the inner
tag is 0x8100, irrespective of manufacturers. The value of the EType field in the TPID in the
outer tag, however, varies with the manufactures. To connect devices of different
manufacturers, the value of the Etype field in the TPID in the outer tag must be set to the
same. Thus, the devices should be able to identify and encapsulate such QinQ packets.
In IEEE 802.1ad, the value of the EType field in the TPID is defined as 0x88a8.
Figure 6-3 Compatibility of the EType field in the TPID in the outer tag of QinQ packets
100
0x9
0x9100 Switch A
IP/MPLS
Core
Router A 0x81
CX 00
Router C
As shown in Figure 6-3, the inbound interface on the router needs to identify the EType value
0x9100 in the outer TPID. The Etype values, such as 0x9100 and 0x8100, of different outer
TPIDs can be set for devices of different manufacturers so that devices of different
manufacturers can be set with the same Etype value in the outer TPID. This ensures
communication between devices of different manufacturers.
Application of Multicast QinQ

Figure 6-4 shows the networking diagram of applying multicast QinQ. The multicast router
PE1 and the access device PE2 are connected through interfaces enabled with QinQ. Users
from different VLANs are connected to PE2.

6 Service Features
Figure 6-4 Networking diagram of applying multicast QinQ
Internet
/Intranet PE1
Multicast
source QinQ(VLAN1)
PE2
VLAN2 VLAN3
No matter whether multicast data packets or multicast protocol packets are received, they are
not encapsulated by QinQ. Instead, their packets are transmitted according to the outer
P-VLAN IDs. In IGMP snooping, only the P-VLAN ID mapping to the user host is
maintained. In forwarding, the system searches the member host of the mapped multicast
group according to the P-VLAN ID and replaces the P-VLAN tag with the C-VLAN tag in
the packet for forwarding.
VLAN Swapping Based on QinQ

As shown in Figure 6-5, the data packets sent from the DSLAM to the UPE carry double
VLAN tags. The inner tag indicates the service VLAN and the outer tag indicates the
customer VLAN. The UPE, however, can only transmit packets by adding an outer tag to the
packet accessing the service VLAN and adding an inner tag to the packet accessing the
customer VLAN. To transmit data to correct VLANs, the UPE needs to swap the inner VLAN
tag with the outer VLAN tag in the packet. In this manner, the outer tag in the packet can
indicate the service VLAN and the inner tag can indicate the customer VLAN.
In this manner, when the UPE receives packets with double VLAN tags, the inner tag is
swapped with the outer tag. The VLAN tag swapping does not take effect on packets with a
single tag.

6 Service Features
Figure 6-5 Network diagram of the VLAN swapping feature based on QinQ
UPE PE-AGG
Metro
Ethernet
VLAN Swap Network
Service-POP
Service
VLAN/Customer Customet
VLAN VLAN/Service
VLAN
Service VLAN
RG RG
HSI VOIP IPTV HSI VOIP IPTV
6.1.4 RRPP Link Features

The Rapid Ring Protection Protocol (RRPP ) is a link layer protocol specially used for
Ethernet ring networks. When an Ethernet ring network is complete, RRPP can prevent
broadcast storms caused by data loops. When a link is disconnected, RRPP helps to quickly
enable the standby link and then recover the communication between nodes on the ring
network.

6 Service Features
Figure 6-6 Application of tangent RRPP rings in the MAN
RRPP Domain
Master
Node CX B
Edge Node
SwitchA RRPP Sub-Ring 1 Transit Node
RouterA
RRPP Major-Ring
CX C Master Node
Master Assistant Node
Transit Node
Node
RRPP Sub-Ring 2
SwitchB
An RRPP domain comprises of a group of switches that are mutually connected and
configured with the same domain ID and control VLAN. One RRPP domain consists of the
elements including the RRPP major ring and sub-ring, control VLAN, master node, transit
node, common port and edge port, and primary port and secondary port.
Polling Mechanism
Polling mechanism is used by the master node on an RRPP ring to detect the network status.
The master node periodically sends Hello packets from its primary port. The packets are then
transmitted through all transit nodes on the ring. If the secondary port on the master node can
receive the Hello packets, it indicates that the ring network is complete. If the Hello packets
are not received within a specified period, it indicates that a link fault occurs on the ring
network.
When the secondary port on the master node in the Failed state receives the Hello packets sent
from its primary port, the master node immediately changes to the Complete state, blocks the
secondary port, and refreshes the Forwarding Database (FDB ).
In addition, the master node sends packets from the primary port to notify all transit nodes to
unblock temporarily blocked ports and refresh FDBs.
Link Status Notification Mechanism

If a link on the ring fails, the port directly connected to the link becomes Down. The transit
node immediately sends a Link-Down packet to the master to report the change of the link
status.

6 Service Features
When the master node receives the Link-Down packet, the master node considers that the ring
fails so that it immediately opens the secondary port, and sends packets to notify other transit
nodes to refresh FDBs. After other transit nodes refresh their FDBs, the data stream is
switched back to the normal link.
If the faulty link is recovered, the port of the transit node changes to the Up state. In this case,
the transit node temporarily blocks the recovered port. The Hello packets sent by the master
node can pass through the temporarily blocked port.
When the secondary port on the master node receives the Hello packet from the primary port,
the master node considers that the ring recovers to the healthy status. The master node blocks
the secondary port and sends packets to notify all transit nodes to unblock temporarily
blocked ports and refresh FDBs.
Mechanism of Checking the Channel Status of Sub-ring Protocol Packets on the

Major Ring
This mechanism is used for the networking in which multiple sub-rings are crossed with the
major ring. When the major ring fails, all master nodes on sub-rings open their secondary
ports. In this case, the broadcast loop occurs among the sub-rings. To prevent this, the
mechanism of checking the channel status of sub-ring protocol packets on the major ring is
used.
This mechanism needs the cooperation of the edge nodes and assistant edge nodes. Before the
secondary port is opened, the master node of each sub-ring blocks the edge port of the edge
node; thus the data loop among sub-rings is prevented. The edge node is the initiator and
decision maker of the mechanism. The assistant edge node monitors the channel status and
informs the edge node of the channel status change in time.
6.1.5 RSTP/MSTP
The Rapid Spanning Tree Protocol (RSTP ) is an enhancement of the Spanning Tree Protocol
(STP ). RSTP simplifies the processing of the state machine, blocks some redundant paths
with specific algorithms, and reconstructs the network with loops to a loop-free network. In
this manner, the packets are prevented from increasing and infinitely looping. Compared with
STP, RSTP speeds up the Layer 2 loop convergence. In a Layer 2 network, only one Shortest
Path Tree (SPT ) is generated.
The Multiple Spanning Tree Protocol (MSTP ) is the multi-instance RSTP. MSTP supports the
running of STP based on one or more VLANs. In a Layer 2 network, multiple SPTs can be
generated.
6.1.6 BPDU Tunnel

BPDUs are Layer 2 protocol packets and are transparently transmitted through a Layer 2
protocol tunnel or a BPDU tunnel across an ISP network.
To transparently transmit BPDUs across an ISP network, the following requirements should
be met:
Each branch of the same user network can receive its own BPDUs.
The BPDUs of a user network cannot be processed by the CPU of devices on the ISP
network.
BPDUs of different user networks must be isolated, so the BPDUs are freed from
interference.

6 Service Features
The CX600 supports the transparent transmission of the following BPDUs:

Interface-based BPDUs
VLAN-based BPDUs
QinQ-based BPDUs
6.2 IP Features
6.2.1 IPv4/IPv6 Dual Stack
6.2.2 IPv4 Features
6.2.3 IPv6 Features
6.2.4 GRE
6.2.5 IPv4/IPv6 Transition Technologies
6.2.1 IPv4/IPv6 Dual Stack

The IPv4/IPv6 dual stack features good interoperability and easy implementation. Figure 6-7
shows the structure of the IPv4/IPv6 dual stack.
Figure 6-7 Structure of the IPv4/IPv6 dual stack
IPv4/IPv6 Application
TCP UDP
IPv4 IPv6
Link Layer
6.2.2 IPv4 Features

The CX600 supports the following IPv4 features:
TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP ), and
ARP
Static DNS and DNS server
FTP server/client and TFTP client
DHCP relay agent and DHCP server
Ping, tracert, and NQA
NQA can probe the status of ICMP, TCP, UDP, DHCP, FTP, HTTP, and SNMP services
and test the response time of the services. The system supports NQA in UDP jitter and
ICMP jitter tests by transmitting and receiving packets on LPUs. The minimum

6 Service Features
frequency for transmitting packets can be 10 ms. Each LPU supports up to 100
concurrent jitter tests. The entire system supports up to 1000 concurrent jitter tests.
IP policy-based routing to specify the next hop based on the attribute of packets without
searching routes in the routing table
6.2.3 IPv6 Features

The CX600 supports the following IPv6 features:
IPv6 neighbor discovery (ND )
Path MTU (PMTU ) discovery
TCP6, ping IPv6, tracert IPv6, and socket IPv6
Static IPv6 DNS and specified IPv6 DNS server
TFTP IPv6 client
IPv6 policy-based routing
6.2.4 GRE
Generic Routing Encapsulation (GRE) is used to encapsulate packets of a network layer
protocol (such as IPX or IP) so that the encapsulated packets can be transmitted over the
network on which another network layer protocol (such as IP) is applied.
As a Layer 3 tunnel protocol for VPNs, GRE uses the tunneling technology. A tunnel can be
taken as a virtual interface that supports only P2P connections. The tunnel interface provides a
tunnel for datagram forwarding and the packets are encapsulated and decapsulated at both
ends of the tunnel.
GRE is applied in the following situations.
Multi-Protocol Local Network Transmission Through the Single-Protocol

Backbone Network
Figure 6-8 Multi-protocol local network transmission through the single-protocol backbone
network
Novell IPX Novell IPX

group 1 group 2
Internet
Tunnel
IP CX A CX B IP
term 1 term 2
In Figure 6-8, group 1 and group 2 are local networks running Novell IPX. Team 1 and team 2
are local networks running the IP protocol.

6 Service Features
The tunnel between CX A and CX B adopts the GRE protocol; therefore, group 1
communicates with group 2 without affecting the communication between team 1 and team 2.
Enlarging the Operation Scope of the Network with Limited Hops
Figure 6-9 Enlarging the network operation scope
IP network
IP network
IP network
Tunnel
PC PC
In Figure 6-9, the IP protocol runs in the network. Assume that the IP protocol allows a
maximum number of 255 hops. If the hop count between two PCs is greater than 255, PCs
cannot communicate. When the tunnel is used in the network, a few hops are hidden. This
enlarges the scope of the network operation.
Connecting Some Discontinuous Sub-Networks to Establish a VPN

GRE tunnels can be used to connect discontinuous sub-networks to implement the VPN
across a WAN.
For example, two VPN sub-networks, Site 1 and Site 2 are in two different cities. By setting
up a GRE tunnel between the PEs, you can connect the two sub-networks to a continuous
VPN network.
GRE can be applied in L2VPNs and L3VPNs. There are two modes:
In the CPE-based VPN, the two ends of the GRE tunnel reside on CEs, as shown in
Figure 6-10.
Figure 6-10 Networking diagram of applying GRE in a CPE-based VPN
GRE tunnel
VPN VPN
site1 VPN site2
backbone
CE PE PE CE
In the network-based VPN, the two ends of the GRE tunnel reside on PEs, as shown in
Figure 6-11.

6 Service Features
Figure 6-11 Networking diagram of applying GRE in a network-based VPN
VPN
backbone
VPN VPN
site1 GRE tunnel
site2
CE PE PE CE
Usually, the MPLS VPN backbone network uses label switched paths (LSPs) as the public
network tunnel. If the core router (P) in the backbone network, however, provides only the IP
function without MPLS, whereas the PE at the network edge has the MPLS functions, the
LSP cannot be used as the public network tunnel. Then, you can use the GRE tunnel instead
of the LSP to provide Layer 3 or Layer 2 VPN solutions in the core network.
CEs Accessing an MPLS VPN Through GRE Tunnels

The VPN services based on the MPLS backbone network are better than the traditional
L3VPN services. Therefore, most ISPs tend to choose the MPLS VPN technology. The
Internet, however, is based on the IP technology and a great number of backbone networks
based on the IP technology still exist.
In the MPLS VPN, to access a CE to the VPN, a physical link is needed to directly connect
the CE to the PE in the MPLS backbone network, that is, the CE and the PE must be in the
same network. In this networking, you must associate the VPN with the PE physical interface
that is connected to the CE.
In actual networking, not all the CEs and PEs can be directly connected through physical links.
For example, for multiple institutions that are connected to the Internet or the IP backbone
network, their CEs and PEs are geographically dispersed. In this case, the CEs cannot directly
access the PEs in the MPLS backbone network. These institutions cannot directly access the
sites inside the MPLS VPN through the Internet or the IP backbone network.
Figure 6-12 CEs accessing the MPLS VPN backbone network through the backbone network
based on the IP technology
IP MPLS
VPN network VPN
network Site
Site
CE PE PE CE
To connect a CE to the MPLS VPN, you can create a logically direct connection between the
CE and the PE. That is, you can connect the CE and the PE by using the public network or
private network, and create a GRE tunnel between the CE and the PE. Then, the CE and the
PE can be regarded as being directly connected. When associating the VPN with the PE
interface that is connected to the CE, you can regard the GRE tunnel as a physical interface.

6 Service Features
6.2.5 IPv4/IPv6 Transition Technologies

IPv6 over IPv4 Tunnel
As shown in Figure 6-13, the IPv6 over IPv4 tunnel technology is used for the transition from
the IPv4 network to the IPv6 network.
Figure 6-13 Networking diagram of applying the IPv6 over IPv4 tunnel technology
Dual Stack Dual Stack

Router Router
IPv4
IPv6 IPv6
Tunnel
IPv6 host IPv6 host

IPv6 Header IPv6 Data
IPv6 Header IPv6 Data
IPv4 Header IPv6 Header IPv6 Data
The CX600 supports the following IPv6 over IPv4 tunnels:

Manually configured IPv6 tunnel
In this mode, the IPv6 tunnel is manually configured on the two edge routers at both
ends of the tunnel. The source and destination IPv4 addresses of the tunnel are
configured manually. The tunnel is equivalent to a permanent link between two IPv6
domains over an IPv4 backbone network. The tunnel is used for regular and secure
communication between two edge routers on isolated IPv6 sites.
IPv6 over IPv4 GRE tunnel
The IPv6 traffic can be carried over IPv4 GRE tunnels. When carrying the IPv6 traffic,
the IPv4 GRE tunnels are called IPv6 over IPv4 GRE tunnels (GRE tunnels for short).
The same as the manually configured IPv6 over IPv4 tunnel, a GRE tunnel is a link
between two nodes, with a separate tunnel for each link. The tunnels carry IPv6 as the
passenger protocol and GRE as the carrier protocol.
Automatically configured IPv4-compatible IPv6 tunnel (automatic tunnel for short)
An IPv4-campatible IPv6 address is needed when an IPv6 over IPv4 automatic tunnel is
created. The low order 32 bits of an IPV4-compatible IPv6 address are an IPv4 address.
It is used to identify the destination address of the automatic tunnel.
To create an automatic tunnel, you need to specify only the source address of the tunnel
on an edge router or a host. The destination address of the tunnel can be automatically
identified based on the next hop address (an IPv4-compatible IPv6 address) of IPv6
packets.
6 to 4 tunnel
A 6 to 4 tunnel connects isolated IPv6 islands to the IPv6 Internet over an IPv4 network.
The difference between the 6 to 4 tunnel and the manually configured tunnel is that the
former can be a point-to-multipoint (P2MP) connection, whereas the latter is a P2P
connection. Therefore, routers of the 6 to 4 tunnel are not configured in pairs. Similar to
the automatic tunnel, the 6 to 4 tunnel can automatically search the other end of the
tunnel. It need not be configured with an IPv4-compatible IPv6 address. The 6 to 4
tunnel uses a type of special IPv6 address, that is, 6 to 4 address.

6 Service Features
IPv4 over IPv6 Tunnel

In the post-phase of the transition from the IPv4 network to the IPv6 network, a great number
of IPv6 networks are constructed. Then, the isolated IPv4 sites may emerge. It is
uneconomical to connect the isolated sites through the dedicated lines. With the tunneling
technology, tunnels can be created in the IPv6 network; thus the isolated IPv4 sites can be
interconnected. This is similar to the VPN deployment in the IP network with tunneling. The
tunnels that are used to connect the isolated IPv4 sites, in the IPv6 network, are called IPv4
over IPv6 tunnels.
To set up IPv4 over IPv6 tunnels, the IPv4/IPv6 dual stack needs to be enabled on the router
at the edge of the IPv6 network and the IPv4 network.
Figure 6-14 Networking diagram of the IPv4 over IPv6 tunnel
Dual Stack Dual Stack

Router Router
IPv4 IPv6 network IPv4
network network
IPv4 IPv4 over IPv6 Tunnel IPv4

Host Host
IPv6 Header
IPv4 Header IPv4 Header
IPv4 Header
IPv4 Payload IPv4 Payload
IPv4 Payload
6PE
The IPv6 Provider Edge (6PE) router allows communications between the IPv6 isolated CE
routers over the IPv4 network. Figure 6-15 shows the networking diagram. with 6PE routers,
ISPs can provide access services for the IPv6 network of isolated users over the existing IPv4
backbone network.

6 Service Features
Figure 6-15 6PE network topology
6PE 6PE
Router Router
IPv4/MPLS
IBGP
CE CE
PE
IPv6 IPv6
Customer site Customer site
The 6PE router labels IPv6 routing information and floods the information onto the ISP's IPv4
backbone network through Internal Border Gateway Protocol (IBGP) sessions. The IPv6
packets are labeled before flowing into tunnels on the backbone network. The tunnels can be
GRE tunnels or MPLS LSPs.
The IGP protocol used on the ISP network can be OSPF or IS-IS, and the protocol used
between CE routers and 6PE routers can be a static routing protocol, an IGP, or EBGP.
When ISPs want to extend their IPv4/MPLS networks with IPv6 traffic exchange capability,
they can just update the PE router. Therefore, using the 6PE feature as an IPv6 transition
mechanism is a cost-effective solution for ISPs.
6.3 Routing Protocols

The CX600 supports various unicast and multicast routing protocols; thus different
networking requirements are satisfied.
6.3.1 Unicast Routing
6.3.2 Multicast Routing
6.3.1 Unicast Routing

The CX600 supports the following unicast routing features:
IPv4 routing protocols: RIP, OSPF, IS-IS, and BGPv4
IPv6 routing protocols: RIPng, OSPFv3, IS-ISv6, and BGP4+
Static routes to simplify network configuration and improve network performance
Large-capacity routing table to support MAN operation effectively
Routing policy to select the optimal route
Provides BGP indirect next hop
6.3.2 Multicast Routing

The CX600 supports multicast. This saves network bandwidth and reduces network load.

6 Service Features
Basic Multicast Functions

The CX600 provides the following multicast functions:
Multicast protocols: Internet Group Management Protocol (IGMP), Protocol
Independent Multicast-Dense Mode (PIM-DM) and Protocol Independent
Multicast-Sparse Mode (PIM-SM), Multicast Source Discovery Protocol (MSDP), and
Multi-protocol Border Gateway Protocol (MBGP).
RPF check: When a router creates and maintains multicast routing entries, it performs
Reverse Path Forwarding (RPF) check to ensure that the multicast data is transferred
along the correct path.
PIM-SSM: If the multicast source is specified, a host can join the multicast source
directly, without registering with the Rendezvous Point (RP).
Anycast RP: Multiple RPs can exist in a domain and they are configured as MSDP peers.
A multicast source can choose the nearest RP for registration, and the receiver can also
choose the nearest RP to join its shared tree. In this manner, load balancing is carried out
among the RPs. When a certain RP fails, its previous registered sources and receivers
choose another nearest RP instead. This implements the backup of RPs.
IPv6 multicast routing protocols: PIM-IPv6-DM, PIM-IPv6-SM, and PIM-IPv6-SSM.
MLD: MLD is used to set up and maintain the member relationship of groups between
hosts and their directly connected multicast routers. The functions and principles of
MLD are the same as those of the IGMP. MLD has the follow versions:
− MLDv1
MLDv1 is defined in RFC 2710 and derived from IGMPv2. MLDv1 supports the
Any-Source Multicast (ASM) model. With the help of SSM mapping, MLDv1 can
support the Source-Specific Multicast (SSM) model.
− MLDv2
MLDv2 is defined in RFC 3810 and derived from IGMPv3. MLDv2 supports the
ASM and SSM models.
Multicast static routes.
Configuration of multicast protocols on physical interfaces such as Ethernet and POS
interfaces, and IP-Trunk and Eth-Trunk interfaces.
When receiving, importing, and advertising multicast routes or forwarding IP packets,
the multicast routing module can filter routes or packets based on routing policies.
Multicast VPN: The CX600 adopts the Multicast Domains (MD) scheme to implement
centralized processing.
Addition and deletion of dummy entries.
IGMP Snooping
The CX600 supports IGMP snooping for Layer 2, Layer 3, and QinQ interfaces, VPLS PW,
STP, and RRPP.
IGMP snooping listens to the IGMP messages between routers and hosts and sets up the Layer
2 forwarding table for multicast data packets. In this manner, IGMP snooping controls and
manages the forwarding of multicast data packets to carry out Layer 2 multicast.
IGMP snooping aims to control the flooding of multicast flows, forward packets as required,
and save network resources. For the interface that joins a multicast group without transmitting
IGMP Report messages for application, the device does not send the multicast flow to the
interface.

6 Service Features
Flow Control of Multicast Traffic

Unknown multicast packets refer to those packets for which no forwarding entries are found
in the multicast forwarding table. The CX600 supports the following measures to process the
unknown multicast packets:
Discards the packets directly after receiving them.
Broadcasts the packets in the VLAN to which the receiving interface belongs.
To control multicast traffic, the CX600 also supports the limit to the maximum percentage of
multicast traffic on Ethernet interfaces.
Multicast VLAN
Multicast VLAN refers to the VLAN that converges multicast flows. When users need certain
multicast flows, they send a request to the multicast VLAN. Then, the multicast VLAN
replicates the multicast packets to different user VLANs. This implements the function of
multicast across VLANs.
The CX600 forwards multicast packets through the multicast VLAN and replicates the
packets based on the multicast routing entries. Then, the CX600 sends these packets to the
VLANs of different users. Using the multicast VLAN, the CX600 can converge the multicast
flows of different user VLANs to one or several specified VLANs.
Multicast across VLANs enables the CX600 to send unicast and multicast packets across
different VLANs. This facilitates the management and control of multicast flows. This can
also save bandwidth resources and improve the network security.
1+1 Protection of Multicast Traffic

1+1 protection of multicast traffic is implemented through the multicast across the VLANs.
The Internet Context Provider (ICP) replicates and sends the multicast packets to two
multicast VLANs. The multicast packets and Continuity Check Messages (CCMs) for
detecting the link status in those two multicast VLANs are then forwarded to the CX600 on
the user side. The CX600 on the user side determines the link status based on the CCMs
received and specifies a multicast VLAN in the good link state to receive multicast packets.
At present, the CX600 supports only 1+1 protection of multicast traffic in VLANs.
Multicast VPN
With wide applications of Virtual Private Network (VPN), the requirements of users for
operating multicast services over VPNs are increasingly stringent. The CX600 adopts the MD
solution to implement multicast transmission over VPNs.
For details, see Section "6.5 VPN Features."
Multicast CAC
The CX600 supports multicast Call Admission Control (CAC). When multicast CAC rules are
configured, the number of multicast groups and bandwidth are restricted for IGMP snooping
on interfaces or the entire system.
Multicast CAC is part of the IPTV multicast solutions. With the development of the IPTV, the
number of program channels is bursting. The bandwidth of the access and convergence
network no longer satisfies the bandwidth requirements of users. The previous static

6 Service Features
management is thus outdated. In this manner, the number of users allowed to access each link
must be set on the convergence network.
Multicast CAC restrains the generation of multicast forwarding entries. When the set
threshold is reached, no more forwarding entries are generated. This ensures the processing
capacity of the device and controls link bandwidth.
6.4 MPLS
6.4.1 Basic Functions
6.4.2 MPLS TE
6.4.3 MPLS OAM
6.4.1 Basic Functions

The CX600 supports MPLS, static and dynamic LSPs. Static LSPs require that the
administrator configure the Label Switch Routers (LSRs ) along the LSPs and set up LSPs
manually. Dynamic LSPs are set up dynamically in accordance with the routing information
through Label Distribution Protocol (LDP ) and Resource Reservation Protocol (RSVP-TE ).
The CX600 supports the following MPLS functions:
Basic MPLS functions, forwarding, and LDP
LDP distributes labels, sets up LSPs, and transfers parameters used for setting up LSPs.
LDP
− DU and DoD label distribution modes
− Independent label distribution control and sequential label control modes
− Liberal retention and conservative retention modes
− Maximum number of hops and path vector
MPLS ping and tracert
MPLS Echo Request packets and MPLS Echo Reply packets are transmitted to detect the
availability of an LSP.
Traffic statistics for LSPs
LSP loop detection mechanism
MPLS QoS, mapping of the ToS field in IP packets to the EXP field in MPLS packets,
and MPLS uniform, pipe, and short pipe modes
Static configuration of LSPs and label forwarding based on traffic classification
MPLS trap
The CX600 can serve as a Label Edge Router (LER ) or an LSR.
An LER is an edge device on the MPLS network to connect other networks. It classifies
services, distributes labels, encapsulates or removes multi-layer labels.
An LSR is a core router on the MPLS network. It switches and distributes labels.

6 Service Features
6.4.2 MPLS TE
Network congestion lowers the performance of the backbone network. The congestion may be
caused by insufficient resources or unbalanced load of network resources. Traffic Engineering
(TE ) is introduced to address the congestion caused by unbalanced load of network resources.
The MPLS TE technology integrates the MPLS technology with traffic engineering. It can
reserve resources by setting up the LSP tunnels to a specified path in an attempt to avoid
network congestion and balance network traffic.
In the case of resource scarcity, MPLS TE can preempt bandwidth resources of the LSPs with
low priorities. This meets the demands of the LSPs with large bandwidth or for important
services. In addition, when an LSP fails or a node is congested, the MPLS TE can protect the
network communication through the backup path and the fast reroute (FRR ) function.
MPLS TE provides the following functions:
Processing of static LSPs
MPLS TE creates and deletes static LSPs, which require bandwidth but are manually
configured.
Processing of Constrained Route-Label Switched Path (CR-LSP )
MPLS TE processes various types of CR-LSPs.
The processing of static LSPs is easier. CR-LSPs are classified into the types described in the
following sections.
RSVP-TE
RSVP is designed for the Integrated Service (IntServ ) model and used on each node of a path
for resource reservation.
To put it simply, RSVP has the following characteristics:
Unidirectional.
Receiver-oriented: The receiver initiates a request for resource reservation and maintains
the resource reservation information.
It uses a soft state mechanism to maintain the resource reservation information.
RSVP, after being extended, can support MPLS label distribution. It carries resource
reservation information when transmitting label-binding message. The extended RSVP is
called RSVP-TE, used as a signaling protocol to establish LSPs in MPLS TE.
Auto Route
In auto routes, LSPs participate in IGP route calculation as logical links. The tunnel interface
is taken as the outbound interface of packets. In this manner, LSPs are considered as P2P links.
The following describes two types of auto routes:
IGP shortcut: The LSP is not advertised to the neighboring router. So, other routers
cannot use this LSP.
Forwarding adjacency: The LSP is advertised to the neighboring router. So, other routers
can use this LSP.

6 Service Features
Fast Reroute
FRR is a technology in MPLS TE to implement the partial protection of the network. The
switching speed of FRR can reach 50 milliseconds. This minimizes data loss when the
network fails.
FRR is only a temporary protection method. When the protected LSP becomes normal or a
new LSP is established, the traffic is switched back to the original LSP or the newly
established LSP.
After an LSP is configured with FRR, traffic is switched to its protection link and the ingress
node of the LSP attempts to establish a new LSP when a link or a node on the LSP fails.
Auto FRR
The FRR technology requires that when configuring a protected tunnel, you must configure a
bypass tunnel to bind to it. When a link or a node is Down, the data flow can be automatically
switched to the bypass tunnel.
In the FRR protection, the bypass LSP must be configured manually. If it is not configured,
the protected LSP cannot be protected. The Auto FRR can solve the preceding problem.
Auto FRR is an extension of MPLS TE FRR. Bypass LSPs can be automatically set up along
the LSP after you configure the attributes of bypass LSPs, global Auto FRR attributes, and
Auto FRR attributes of the interface. In addition, when the primary LSP changes, the original
bypass LSPs can be automatically deleted and new bypass LSPs are set up.
CR-LSP Backup
The LSP that is used to protect the primary LSP in the same tunnel is called the backup LSP.
When the ingress detects that the primary LSP is unavailable, it switches traffic to the backup
path. After the primary LSP recovers, traffic is switched back to the backup LSP. In this
manner, the traffic on the primary LSP is protected.
The CX600 supports the following methods of backup:
Hot backup: The backup CR-LSP is established immediately after the primary CR-LSP
is established. When the primary CR-LSP fails, MPLS TE switches traffic immediately
to the backup CR-LSP.
Ordinary backup: The backup CR-LSP is established when the primary CR-LSP fails.
LDP over TE
In existing networks, not all devices support MPLS TE. Only the devices in the core of the
network support TE and the devices at the network edge use LDP. The application of LDP
over TE is then put forward. The TE tunnel is considered as a hop of the entire LDP LSP.
LDP is widely used in MPLS VPNs. To prevent the congestion of VPN traffic on certain
nodes, you can configure LDP over TE.
Figure 6-16 Networking diagram of applying LDP over TE

错误！
错误！未指定文件名。
未指定文件名。
Figure 6-16 shows an MPLS VPN networking where LDP is used as the signaling protocol.

6 Service Features
As the PE routers, CX1 and CX6 discover that the link between R2 and R3 is rather congested
after a large number of users access. This happens because the traffic between CX1 and CX6
must pass through this link. The link between R2 and R4 is idle. The LSP, however, cannot
use the link between R2 and R4 because the IGP cost of this link is high.
In this case, you can establish a TE tunnel passing through R4 between R2 and R5, and adjust
the metric of the IGP shortcut or forwarding adjacency. Thus, there are two routes carrying
out load balancing for R2:
Route between physical interfaces connecting R2 and R3
Route between TE tunnel interfaces connecting R2 and R5
In this manner, LDP establishes the LSPs for load balancing to allow traffic to go through the
idle link.
6.4.3 MPLS OAM

MPLS supports different Layer 2 and Layer 3 protocols such as IP, FR, ATM, and Ethernet.
MPLS offers an OAM mechanism totally independent of any upper or lower layer and
provides the following features on the MPLS user plane:
Detects the LSP connectivity.
Measures the network utility and performance.
Carries out switchover against link failure to offer services according to the Service
Level Agreements (SLAs ) signed with customers.
With the MPLS OAM mechanism, the router can detect, identify, and locate a default on the
MPLS layer effectively. Then, the default is reported and processed. In addition, when a
failure occurs, the protection switchover can be triggered.
MPLS OAM provides the following functions:
MPLS OAM detection
MPLS OAM sends CV/FFD and BDI packets along the LSPs to be detected and the
reverse channels between the LSP ingress and egress to detect the connectivity.
Figure 6-17 Networking diagram of applying MPLS OAM
CV
FD /F
FD
/F
CV
Ingress Egress
LSR LSR
BD I
I BD
OAM auto protocol function

Protection switching
1:1, 1+1, sharing protection, and packet-level protection are supported.

6 Service Features
6.5 VPN Features

6.5.1 Tunnel Policy
6.5.2 VPN Tunnel
6.5.3 MPLS L2VPN
6.5.4 BGP/MPLS L3VPN
6.5.5 L2VPN Accessing L3VPN
6.5.6 VPN QoS
6.5.1 Tunnel Policy

A tunnel policy is used to select a tunnel based on the destination IP address. An application
selects tunnels according to the tunnel policy. If no tunnel policy is configured, the tunnel
management module selects tunnels according to the default policy.
The CX600 supports the following types of tunnel policies:
With the tunnel policy in select-sequence mode, you can specify the sequence in which
the tunnel types are used and the number of tunnels carrying out load balancing. For a
tunnel policy in select-sequence mode, tunnels are selected in sequence. If a tunnel listed
earlier is Up, it is selected regardless of whether other services have selected it. The
tunnels listed later are not selected except in cases of load balancing or when the
preceding tunnels are Down.
VPN tunnel binding refers to the binding of the peer PE on a VPN to an MPLS TE
tunnel on the PE of the VPN backbone network. The VPN data to the peer PE is always
transmitted through the bound TE tunnel. It carries only specified VPN services rather
than other VPN services. This guarantees the QoS of the specified VPN services.
6.5.2 VPN Tunnel

The CX600 supports the following types of VPN tunnels:
LSP
When a label is distributed to an FEC on the LSP ingress, traffic is transparently
forwarded along the transit nodes of the LSP according to the label. In this manner, an
LSP can be considered as an LSP tunnel.
GRE tunnel
If the PE router at the edge of the ISP network supports MPLS, whereas the P router
supports only IP, an LSP cannot be used as the public tunnel. In this case, a GRE tunnel
can be used on the VPN backbone network.
TE tunnel
When reroute is configured or traffic is forwarded through multiple paths, multiple LSPs
may be needed. In TE, this set of LSPs is called a TE tunnel. The TE tunnel is identified
by the tunnel ID and LSP ID. The tunnel ID is used to uniquely define a TE tunnel.
6.5.3 MPLS L2VPN

The CX600 provides Layer 2 VPN (L2VPN) services on an MPLS network. This allows the
ISP to provide L2VPNs over different media.

6 Service Features
VLL
Figure 6-18 shows the networking of a VLL supported by the CX600.
Figure 6-18 Networking diagram of a VLL
Support dynamic Martini/Kompella L2VPN

Support static CCC/SVC L2VPN
VPN2 site3 Support access to the MPLS

L2VPN through PPP, HDLC, ATM,
VPN1 site1 PE
Eth/VLAN, and Q-in-Q
VPN2 site2 PE
Support interworking
MPLS network
PE VPN1 site3
VPN1 site2
PE-ASBR
VPN2 site2
PE
Support inter-AS
solutions:
VRF-to-VRF
MP-Multihop EBGP
PE-ASBR
Support MPLS VPN over GRE

and MPLS VPN over TE tunnel
Provide the VPN manager

to manage VPNs among
VPN3 site1 VPN3 site2 devices of different vendors
VLL in Martini mode

The Martini mode uses double labels. The inner label uses the extended LDP as the
signaling protocol to transmit information. The Martini mode conforms to RFC4096.
In the Martini draft, LDP is extended by adding an FEC type (VC FEC) for exchanging
VC labels. In addition, if the two PEs that exchange VC labels are not directly connected,
a remote LDP session must be created on which the VC FEC and the VC label are
transmitted. The PEs assigns a VC label to each connection between CEs. The VLL
information that carries the VC label is forwarded to the peer PE of the remote session
through the LSP set up through LDP. In this manner, a VC LSP is set up on the ordinary
LSP.
VLL in Kompella mode
The VLL in Kompella mode is similar to the Layer 3 BGP/MPLS VPN defined in RFC
2547. They adopt BGP as the switching signaling. Similar to the MPLS L3VPN, the
VLL adopts BGP as the signaling protocol to transmit Layer 2 information and VC labels.
It implements VLL in end-to-end (CE-to-CE) mode in the MPLS network. In the VLL,

6 Service Features
PEs automatically discover the VLL nodes by creating BGP sessions. Similar to the
BGP/MPLS VPN, the VLL in Kompella mode also uses VPN targets to control the
sending and receiving of the VPN route, which makes the networking flexible.
The VLL in Kompella mode can support inter-AS VPN solutions.
VLL in CCC mode
Circuit Cross Connect (CCC) is a technique to implement VLL through static
configurations.
Different from the common VLL, a CCC VLL adopts one label to transmit user data.
Thus, CCC must use LSPs exclusively. The CCC LSP can be used to transmit the data of
only this CCC rather than other VLL links. The LSP also cannot be used in the
BGP/MPLS VPN or to bear common IP packets.
For CCC connections, static LSPs need not be configured for PE routers. If two PE
routers are not directly connected, however, a static LSP must be configured on the
transit routers.
VLL in SVC mode
An SVC VLL is similar to a Martini VLL. But it does not use LDP as the signaling
protocol for transmitting Layer 2 VC labels and link information. VC labels are
configured manually.
PWE3 IP-interworking
If two CEs access the same VLL through different types of links, the PWE3
IP-interwoking feature is required.
draft-kompella-ppvpn-l2vpn-03 recommends that when a VLL is set up, the VLL
interface is encapsulated with ip-interworking on the PE to transparently transmit Layer
3 data, that is, IP packets, in the MPLS network.
When the VLL interworking feature is adopted:
− VLL interfaces of PEs at both ends must be encapsulated with IP-interworking.
− The PEs begin to establish a VLL connection after VC interfaces become Up.
− The PEs allow VLL forwarding when a VLL connection is established. In this case,
the system considers the physical link for transparent transmission available,
irrespective of whether the status of the link layer protocol is Up or Down.
− After both the AC and VLL tunnel become Up, the CEs on both ends can transmit
and receive IP packets.
After a VLL connection is established, the IP packets are processed as follows:
− After receiving an IP packet from the CE, the PE decapsulates the link layer
encapsulation and transmits the IP packet across the MPLS network.
− The IP packet is transparently transmitted to the peer PE across the MPLS network.
− The peer PE re-encapsulates the IP packet according to its link layer protocol and
transmits the packet to its directly connected CE.
− The link control packet sent by the CE is processed by the PE without entering the
MPLS network.
− All non-IP packets such as MPLS and IPX packets are discarded without entering the
MPLS network..
Inter-AS VLL
The implementation of an inter-AS VLL depends on the actual environment. In CCC
mode, the label is of a single layer. Therefore, the inter-AS can be implemented after a
static LSP is set up between ASBRs. The following describes the implementation of an
inter-AS VLL in comparison with the three methods of implementing an L3VPN.

6 Service Features
− The SVC, Martini, and Kompella modes can implement the inter-AS VLL Option A
(VRF-to-VRF). In an inter-AS VLL network, the link type between the ASBRs must
be the same as the VC type. In inter-AS Option A, each ASBR must reserve a
sub-interface for each inter-AS VC. If the number of inter-AS VCs is small, Option A
can be used. Compared with the L3VPN, the inter-AS Option A of the VLL consumes
more resources and requires more configuration workload, which is not
recommended.
− Option B requires the exchange of both the inner label and the outer label on the
ASBR. Therefore, Option B is not suitable for the VLL.
− Option C is a better solution. The devices on the ISP network only need to set up the
outer tunnel on PEs in different ASs. The ASBR does not need to maintain
information about the inter-AS VLL or provide interfaces for the inter-AS VLL. The
VLL information is exchanged only between PEs. Thus, the resources consumption
and the configuration workload decrease.
VPLS
Figure 6-19 shows the networking of VPLS. Several virtual switches (VSs) can be created on
a PE router. VSs on different PE routers form an L2VPN. LANs at the user end can access the
L2VPN through VSs. In this manner, users can expand their own LAN over the WAN. VPLS
can be taken as the VS across public networks. Like L3VPN, it establishes LSPs on public
networks for traffic transmission.
Figure 6-19 VPLS networking
VLAN1 VS1 VS1 VLAN1
VLAN2 VS2 VS2 VLAN2

PE PE
VS1 VS2 PE
VLAN1 VLAN2
VPLS requires that users access the network through Ethernet links. It forwards packets
according to the VLAN ID. For communication with remote users, a Virtual Channel (VC)
that can traverse the public network is established between PE routers, and the VC is
associated with the VLAN ID. Users communicate with each other over the Layer 2 tunnel
through the VC. The VLAN ID is used to identify the users' VPN.
When establishing a VC, the PE router allocates double labels to the VC. The outer label is
the MPLS LSP label of the public network and is allocated by LDP or RSVP-TE. The inner

6 Service Features
label is the VC label and is allocated after the negotiation between the remote LDP sessions
on loopback interfaces.
The CX600 supports the following networking models:
QinQ VPLS
QinQ is a tunnel protocol based on IEEE 802.1Q. In QinQ, the VLAN tag of private
networks is encapsulated in the VLAN tag of public networks. The packets carry double
tags when being transmitted across the ISP's backbone network. This saves VC resources
and provides users with an L2VPN tunnel easy to implement.
H-VPLS
VPLS requires that PE routers forward Ethernet frames through the full-mesh Ethernet
emulation circuit or Pseudo-Wire (PW). Therefore, all PE routers must be connected to
each other in the same VPLS. If there are N PEs in a VPLS network, the VPLS has N x
(N - 1)/2 connections. When the number of PEs increases, the number of VPLS
connections increases by N^2.
Hierarchical Virtual Private LAN Service (H-VPLS) is thus introduced to address the
full-mesh VPLS.
Figure 6-20 shows the H-VPLS model.
Figure 6-20 H-VPLS model
CE Basic VPLS Full Mesh
SPE
AC PW
SPE
PW
PW
UPE PW
AC
SPE
CE
In a basic H-VPLS model, PEs can be divided into the following types:
− UPE
It is a convergence device that is directly connected to a CE. The UPE needs to be
connected to only one PE in a full-mesh VPLS network. The UPE supports routing
and MPLS encapsulation.
If a UPE is connected to multiple CEs and possesses the basic bridge function, frame
forwarding is performed only on the UPE. This reduces the burden on the SPE.
− SPE
It is connected to a UPE and is located in the core of a full-mesh VPLS network. The
SPE is connected to all the devices in a full-mesh VPLS network.
For an SPE that is connected to a UPE, the UPE acts as a CE. The PW set up between
the UPE and the SPE serves as the AC of the SPE. The SPE must learn the MAC
addresses of all the sites on the UPE side and those of the UPE interfaces that are
connected to the SPE.

6 Service Features
IGMP snooping
VPLS can isolate users. Each VPN needs to support IGMP snooping, that is, the
multi-instance IGMP snooping.
VPLS learns MAC addresses in the following modes:
− Unqualified
In this mode, there can be numerous VLANs in a VSI to share a MAC address space
and a broadcast area. When learning MAC addresses, VPLS also learns the VLAN
IDs.
− Qualified
In this mode, each VSI has only one VLAN that has independent MAC address space
and broadcast area. When learning MAC addresses, VPLS need not learn the VLAN
IDs.
VPLS/H-VPLS equal-cost load balancing
In VPLS/H-VPLS services, when there are multiple public tunnels of equal cost from the
local PE to remote PE, the VPLS PW performs the HASH algorithm and then select one
tunnel to forward data flows. Different data flows over the same PW may be forwarded
through different public tunnels.
Fast switching of multicast traffic
If the VSI in VPLS/H-VPLS transmits multicast traffic and when the master TE tunnel in
the public network is faulty, the TE HSB switchover is performed within 500 ms.
mVPLS
mVPLS refers to a management VPLS. The VSIs associated with the mVPLS are called
management VSIs (mVSIs).
The prerequisite to the Up state of an mVSI differs from that to a common VSI (service
VSI) as follows:
− Common VSI: has two or more Up AC interfaces, or has both one Up AC interface
and one Up PW.
− mVSI: has one Up PW or AC interface.
An mVSI can be bound to a common VSI. When an mVSI receives a gratuitous ARP
packet or a BFD Down packet, the mVSI notifies all the common VSIs bound to it to
clear MAC address entries and re-learn MAC addresses.
STP over PW
STP over VPLS can address the following problems:
− Loops that are formed in inter-AS VPLS networks (Option A)
− Loops that are formed when multiple ring networks are dual-homed to an H-VPLS
network
− Loops that are formed when the DSLAM accesses multiple UPE devices
Ethernet loop detection
Virtual Private LAN Service (VPLS) is a significant technology for the Metropolitan
Area Network (MAN). To avoid the impact of single point failures on services, user
networks are connected to the VPLS network of a carrier through redundant links. The
redundant links, however, lead to loops, which further causes the broadcast storm.
In networking applications, you can deploy the Spanning Tree Protocol (STP) or
common loopback detection technologies to avoid the preceding problems. In practice,
however, STP should be deployed at the user side, and the common loopback detection
technology requires the devices at the user side to allow special Layer 2 loopback
detection packets to pass through.

6 Service Features
When user networks cannot be controlled, you can deploy Ethernet loop detection
supported by the CX600 over the carrier network. Ethernet loop detection need not be
deployed at the user side. This also avoids the broadcast storm caused by loops formed in
a VPLS network.
PWE3
The Pseudo-Wire Emulation Edge to Edge (PWE3) is an end-to-end technology that bears
Layer 2 services. PWE3 emulates the attributes of services such as ATM, FR, Ethernet,
low-speed TDM circuit, and SONET/SDH in a Packet Switched Network (PSN).
Classification of PWs
PWs can be classified into the following types:
− Static PWs and dynamic PWs in terms of implementation
− Single-hop PWs and multi-hop PWs in terms of networking
− LDP PWs and RSVP PWs in terms of signaling
Control Word (CW)
The CW is negotiated on the control plane, and is used for packet sequence detection,
packet fragmentation, and packet reassembly on the forwarding plane. In the PWE3
protocols, ATM Adaptation Layer Type 5 (AAL5) and FR require the support for the CW.
The negotiation of the CW on the control plane is simple. If the CW is supported after
the negotiation, the negotiation result needs to be sent to the forwarding module, which
detects the packet sequence and reassembles the packet.
The CW has the following functions:
− Carries the sequence number for forwarding packets
On the forwarding plane of PWE3, a 32-bit control word is prefixed to the data to
indicate the packet sequence, if the control word is supported. When load balancing is
supported, packets may be out of sequence. The CW can be used to number the
packets so that the peer can reassemble the packets.
− Fills the packets to prevent the packets from being too short.
For example, if Ethernet runs between PEs and PPP runs between PEs and CEs, the
size of the PPP control packet is smaller than the smallest MTU supported by the
Ethernet. Then, the PPP negotiation fails. In this case, you can add the CW, that is,
add the fill bit.
− Carries the control information of the Layer 2 frame header.
In certain cases, Layer 2 frames do not need to be transmitted completely in the
L2VPN packets on the network. The frame header is removed at the ingress and
added at the egress. This method, however, cannot be used if information in the frame
header needs to be carried. You can use the CW to solve this problem. The CW can
carry the negotiated information between the ingress PE and the egress PE.
On the control plane, the negotiation succeeds only when both ends or neither end
supports the CW. On the forwarding plane, whether the control word is supported
depends on whether it is supported on the control plane.
VCCV ping
VCCV ping is a tool that is used to manually test the connectivity of the VC. Similar to
ICMP ping and LSP ping, it is implemented through the extended LSP ping. VCCV
defines a series of messages transmitted between PEs to verify the connectivity of PWs.
To ensure that the path of VCCV packets is consistent with the path of data packets in
PWs, the encapsulation type and the passed tunnel of VCCV packets must be the same as

6 Service Features
those of PW packets. VCCV can be used as a fault detection and diagnostic tool for PWs.
For details, refer to draft-ietf-pwe3-vccv and draft-ietf-mpls-lsp-ping.
The CX600 supports VCCV ping. That is, you can manually detect the connectivity of an
LDP PW that can be a static PW, a dynamic PW, a single-hop PW, or a multi-hop PW on
UPEs. Figure 6-21 shows the reference model of PWE3 VCCV.
Figure 6-21 Reference model of PWE3 VCCV
Emulate Service
PW1 AC
AC
PW2
CE1 U-PE1 U-PE2 CE2
VCCV
The VCCV can be used as a fault detection and a diagnostic tool for PWs. The VCCV can be
a combination of one type of CCs and one type of connectivity verifications (CVs), because
the lower layer PSNs are different, such as LSP ping, L2TPv3, or Internet Control Message
Protocol (ICMP) ping.
PW template
A PW template is a set of public attributes abstracted from PWs. A PW template is
shared by different PWs. For convenience of expansion, the command mode of the PW
template is added to set some public attributes of PWs. When creating a PW in interface
mode, you can use this template.
The CX600 supports the binding between a PW and a PW template. PWs can also be
reset.
Heterogeneity interworking
The CX600 supports the homogeneity interworking of PWE3 and also the heterogeneity
interworking to transparently transmit the data of different encapsulation types.
At present, the CX600 supports the following data transport by using PWE3: ATM
AAL5 SDU VCC transport, Ethernet, HDLC, ATM n-to-one VCC cell transport, IP
Layer 2 transport, and ATM one-to-one VCC cell mode.
ATM cell relay
The CX600 supports ATM cell relay. ATM cell relay is a technology that bears ATM
cells over PWE3 VCs. Figure 6-22 shows the label encapsulation for ATM cell relay
over a PSN.

6 Service Features
Figure 6-22 Networking diagram of ATM cell relay over a PSN
MPLS Label Stack

PSN Transport Header Outer Label
MPLS PSN tunnel Pseudo-wire Header Inner Label

identified by outer label
Control Word (sequencing
& protocol info)
Layer 1/2 Payload

Layer 2 connection
e.g ATM VCC/VPC MPLS Pseudo-wire identified
by inner label
PSN Tunnel
L2 PE Pseudo-wire PE L2
Connection or 'port'
carried On pseudo-wire
The outer label is used to identify a PSN tunnel; the inner label is used to identify a PW.
ATM cell relay bears the following services over a PSN:
− Services whose PW payload is the ATM cell
− Services whose PW payload is the AAL5 SDU
ATM cell relay is used to migrate the functions of the earlier ATM network through the
PSN without adding new ATM devices or changing the configuration of the CE devices
on the ATM network. ATM CEs regard ATM cell relay as a TDM leased line to
interconnect ATM networks by transparently transmitting cells through the PSN.
PW Redundancy
PW redundancy provides reliability by setting up multiple PWs on a VPN to protect traffic
transmitted along the PW. Those PWs assume one of two roles: master PW or backup PW.
The master and backup PWs are dynamically negotiated and determined. Once one PW fails,
traffic on this PW is switched to another PW. This ensures traffic transmission.
PW traffic is transmitted over public network tunnels. When a tunnel fails, traffic is switched
to another tunnel for transmission. In some scenarios, such as in the case of a PE failure or a
AC failure, however, traffic cannot be protected. Thus, PW redundancy is introduced to
implement traffic protection.
VLL FRR protects traffic by switching traffic from the master PW to the backup PW in case
the master PW fails. The master and backup PWs are statically configured.
PW redundancy provides the master and backup PWs that are dynamically negotiated and
determined through MC-Trunk or MC-APS on AC interfaces. The applications of VLL FRR
and PW redundancy are similar. PW redundancy is applicable to only PWE3 VLLs rather than
VLLs in other modes.
ATM IWF
The ATM InterWorking Function (ATM IWF) provides interworking between the ATM link
that is accessed through 1483B and the Ethernet link. ATM IWF carries out transparent

6 Service Features
transmission of ATM cells with 1483B encapsulation over the Ethernet link. To keep
information about the VPI and VCI accessed to a packet, the VPI is mapped to be the outer
VLAN ID and the VCI is mapped to be the inner VLAN ID. By adding double VLAN IDs to
the frame header on the data link layer, the router can transmit the ATM packets with VPI/VCI
information to the Ethernet link through the double VLAN IDs.
ATM IWF runs on L2VPNs and can be implemented in the following modes in actual
networking:
ATM IWF in CCC local connection mode
CCC is implemented between ATM sub-interfaces and Ethernet sub-interfaces on the
same router.
In the CCC local connection shown in Figure 6-23, ATM traffic with 1483B
encapsulation from the DSLAM is transmitted by the CX600 to the Ethernet link. The
VPI of the ATM traffic is mapped to the outer VLAN ID and the VCI is mapped to the
inner VLAN ID. Then, the Ethernet interface on the CX forwards the traffic to the BRAS.
The BRAS identifies different DSLAM users based on the double VLAN IDs.
Figure 6-23 Networking diagram of ATM IWF in CCC local connection mode
CCC
ATM GE
DSLAM CX A BRAS
ATM IWF in PW mode

Data packets of the ATM link and Ethernet link between the peer PEs can be
transparently transmitted on Layer 2 through an L2VPN LSP.
As shown in Figure 6-24, ATM traffic, after 1483B encapsulation, is transparently
transmitted to the remote Ethernet link over the PW (Martini or Kompella L2VPN).
During the transmission, the VPI of the ATM traffic is mapped to the outer VLAN ID
and the VCI is mapped to the inner VLAN ID. The ATM traffic is then transparently
transmitted to the BRAS. The BRAS identifies different DSLAM users based on the
double VLAN IDs.

6 Service Features
Figure 6-24 Networking diagram of ATM IWF in PW mode
CX A PW CX B
ATM GE
ATM
ATM Switch BRAS
6.5.4 BGP/MPLS L3VPN

The CX600 implements BGP/MPLS L3VPN, and thus provides carriers with end-to-end VPN
solutions. Carriers can provide VPN service for users as a new value-added service, which
serves as a flexible selection.
Figure 6-25 shows the application of BGP/MPLS L3VPN that the CX600 supports.

6 Service Features
Figure 6-25 BGP/MPLS L3VPN

Support access to MPLS VPN
VPN2 site3 through PPP, HDLC, ATM, Eth/
UPE VLAN, and remote dial-in/tunnel
VPN1 site1 access
MPLS Support routing protocols between
VPN2 site2 network PEs and CEs, such as static
PE
routing, BGP, RIP, OSPF, and
MP-BGP ISIS
MPLS SPE PE VPN1 site3
network
VPN1 site2
PE-ASBR
VPN2 site2 UPE
Hierarchical
PE Support inter-AS
solutions:
Support HoVPN to
VRF-to-VRF
extend the VPN
MP-EBGP
MP-Multihop EBGP
PE-ASBR
Support MPLS VPN over GRE

and MPLS VPN over TE tunnel
Provide the VPN manager

to manage VPNs among
devices of different
VPN3 site1 VPN3 site2 vendors
As a PE router, it supports access of CE routers through kinds of interfaces such as

Ethernet, POS, and VLAN, ATM, Remote Access and Tunnel interfaces.
It supports static routes and dynamic routing protocols such as BGP, RIP, OSPF, and
IS-IS, between CE routers and PE routers.
It supports various inter-AS VPN solutions.
Carrier's Carrier
The customer of the BGP/MPLS L3VPN service provider can serve as a service provider,
which is called the networking mode for the carrier's carrier. In this mode, the BGP/MPLS
L3VPN service provider is called the provider carrier or the first carrier. The customer is
called the customer carrier or the second carrier, which serves as a CE router for the first
carrier.
To keep good extensibility, the second carrier adopts the operating mode similar to the stub
VPN. That is, the CE router of the first carrier only advertises the routes (internal routes) of
the VPN where it resides to the PE router of the first carrier. The CE router does not advertise
its customers' routes (external routes). PE routers of the second carrier exchange external
routes through BGP. This greatly reduces the number of routes maintained on the first carrier
network.

6 Service Features
Inter-AS VPN
The CX600 supports the following inter-AS VPN solutions explained in RFC 2547bis:
VPN instance to VPN instance: ASBRs manage VPN routes in between through
sub-interfaces, which is also called Inter-Provider Backbones Option A.
EBGP redistribution of labeled VPN-IPv4 routes: ASBRs advertise labeled VPN-IPv4
routes to each other through MP-EBGP, which is also called Inter-Provider Backbones
Option B.
Multihop EBGP redistribution of labeled VPN-IPv4 routes: PE routers advertise labeled
VPN-IPv4 routes to each other through Multihop MP-EBGP, which is also called
Inter-Provider Backbones Option C.
Multicast VPN
The CX600 supports multicast BGP/MPLS L3VPN.
Multicast services are deployed in the network shown in Figure 6-26. VPN users in various
sites receive multicast traffic from the local VPN. The PE in the public network supports
multi-instance.
As shown in Figure 6-26, the public network instances on each PE and the P implement
public network multicast. VPN multicast data is multicast in the public network.
Figure 6-26 Networking diagram of applying public network multicast

PE1_public-instance
P1
P2
PE3_public-instance
P3
PE2_public-instance
As shown in Figure 6-27, the VPN A instances on each PE and the sites that belong to the
VPN A implement VPN A multicast.

6 Service Features
Figure 6-27 Networking diagram of applying VPN A multicast
VPNA
site1
CE1
PE1_vpnA-instance
PE3_vpnA-instance MD A
CE2
CE3 PE2_vpnA-instance
VPN A
VPN A
site3
site2
As shown in Figure 6-28, the VPN B instances on PEs and the sites that belong to the VPN B
implement VPN B multicast.
Figure 6-28 Networking diagram of applying VPN B multicast
CE4
PE1_vpnB-instance
VPN B VPN B
site4 site5
CE5
MD B
PE2_vpnB-instance
CE6
VPN B
site6
Take VPN A instances as an example. Multicast VPN can be summarized as follows:

The multicast source S1 belongs to VPN A. S1 sends multicast data to G, a multicast
group.
Among all possible data receivers, only members of VPN A can receive multicast data
from S1.

6 Service Features
Multicast data is multicast in various sites and the public network.

To implement multicast VPN, the following network conditions are required:
Each site that supports multicast based on VPN instance
A public network that supports the multicast based on public instance
A PE device that supports the following multi-instance multicast:
Connecting sites through VPN instance to support multicast based on VPN instances
Connecting the public network by using public network instances and supporting
multicast based on public network instances
Supporting data switching between public network instances and VPN instances
IPv6 VPN
As an enhancement of IPv4, IPv6 is an Internet protocol of the next generation. IPv6 provides
the enhanced address space, configuration, maintenance, and security functions, and supports
more access users and devices in the Internet than IPv4.
The VPN is a virtual private communication network built over share links or public networks
such as the Internet. Users located in different areas can exchange data through the public
networks. Thus, the users can enjoy services similar to private P2P links.
An IPv6 VPN refers to a VPN where each site has the IPv6 capability and is connected to the
PE of the SP and then to the SP backbone network through an interface or a sub-interface by
using IPv6 addresses. To put it simply, an IPv6 VPN indicates that a PE router receives IPv6
packets from a CE router, which is different from an IPv4 VPN.
At present, IPv6 VPN services are implemented over the IPv4 backbone network of the SP. In
this case, the PE must support IPv4/IPv6 dual stack because the backbone network is an IPv4
network and the client sites use IPv6 address family, as shown in Figure 6-29. Any network
protocol that can bear IPv6 traffic can run between the CEs and the PEs. PE interfaces
connected to the client run IPv6; PE interfaces connected to the public network run IPv4.

6 Service Features
Figure 6-29 Networking diagram of the IPv6 VPN over the IPv4 public network
IPv6
VPN site2
IPv4 VPN backbone CE
P PE CE
PE IPv6
CE VPN site1
P
IPv6
VPN site1
PE
CE
CE
IPv6 IPv6
VPN site2 VPN site1
Through Multiprotocol Extensions for Border Gateway Protocol version 4 (MP BGPv4), the
IPv6 VPN advertises IPv6 VPN routing information in the backbone network, triggers MPLS
to allocate labels for IPv6 packets to mark the packets, and uses tunnels such as LDP LSPs,
MPLS TE tunnels, and GRE tunnels to transmit private network data in the backbone network.
An IPv6 VPN is implemented in the same way as that of a BGP/MPLS L3VPN.
The CX600 supports the following IPv6 VPN networking solutions:
Intranet VPN
Extranet VPN
Hub&Spoke
Inter-AS or multi-AS backbones VPN
Carriers' carrier
HoVPN
In BGP/MPLS VPN solutions, the key device, PE router, functions in the following aspects:
Provides access functions for users. To achieve this, a PE router needs a great number of
interfaces.
Manages and advertises VPN routes and processes user packets. This requires that a PE
router have large-capacity memory and high forwarding capabilities.
This causes the PE to becomes a bottleneck. To solve this problem, Huawei launches the
Hierarchy of VPN (HoVPN) solution. In HoVPN, functions of a PE router are distributed to
multiple PEs. Playing different roles in a hierarchical architecture, the PEs implement
functions of a centralized PE router together.
The basic architecture of HoVPN is shown in Figure 6-30. The device that is directly
connected to users is called the Underlayer PE or User-end PE (hereafter referred to as the

6 Service Features
UPE). The device that is connected to the UPE in the internal network is called the
Superstratum PE or Service Provider-end PE (hereafter referred to as the SPE). Multiple
UPEs and a SPE form a hierarchical PE, functioning together as a traditional PE router.
Figure 6-30 Basic architecture of HoVPN
VPN1 site
HoVPN
VPN2 site PE VPN1 site
UPE 1
SPE 1
MPLS
Network
VPN1 site SPE 2
UPE 2 PE VPN2 site
VPN2 site
In the networking of HoVPN, functions of PE routers are implemented hierarchically. Therefore, the
solution is also called Hierarchy of PE (HoPE).
SPEs and UPEs provide the following functions:

UPEs implement user access. UPEs maintain the routes of their directly connected VPN
sites. UPEs do not maintain the routes of other remote sites in the VPN, or UPEs
maintain only their summary routes. UPEs assign inner labels to the routes of their
directly connected sites, and advertise the labels to an SPE along with VPN routes
through MP-BGP.
SPEs manage and advertise VPN routes. They maintain the routes of all the VPNs that
are connected through UPEs, including the routes of local and remote sites. The SPEs do
not advertise routes of remote sites to UPEs. SPEs advertise only the default routes of
VPN instances or summary routes to UPEs carrying the label.
There are different requirements for SPEs and UPEs because they play different roles. SPEs
have large-capacity routing tables and high forwarding performance with few interfaces.
UPEs have small-capacity routing tables and low forwarding performance, whereas they
possess high access capabilities. HoVPN makes full use of the performance of SPEs and the
access capability of UPEs.

6 Service Features
An HoPE is the same as a traditional PE in appearance. HoPEs and common PEs can coexist
in an MPLS network.
HoVPN supports the embedding of HoPEs:
A HoPE can act as a UPE, and compose a new HoPE with an SPE.
A HoPE can act as an SPE, and compose a new HoPE with multiple UPEs.
The embedding of HoPEs can be repeated.
The embedding of HoPEs can infinitely extend a VPN network in theory.
RRVPN
Resource Reserved VPN (RRVPN) is a tunnel-multiplexing technology. It can provide
end-to-end QoS guarantee for VPN users.
To reserve and isolate resources for a VPN, RSVP-TE tunnels must be used. When RRVPN is
implemented, different VPNs use different tunnels. The resources of different tunnels with the
same tunnel interface, however, are isolated and reserved.
Note that the total bandwidth of the tunnels must not exceed the total bandwidth reserved for
the physical links.
Multi-role Host
In a BGP/MPLS L3VPN, the VPN attributes of the packets received by PEs from CEs are
determined by the VPN instance bound to the outbound interface on the PEs. Thus, all the
CEs whose packets are forwarded by the same PE interface belong to the same VPN.
In practical scenarios, some servers or terminals need to access multiple VPNs. These servers
or terminals are called multi-role hosts. For example, a server in a financial system in VPN 1
and a server in an accounting system in VPN 2 need to communicate.
In a multi-role host model, only the multi-role host can access multiple VPNs; the
non-multi-role hosts can access only the VPN to which the hosts belong.
A multi-role host generally fulfils the following functions:
Ensures that the data stream of the multi-role host can reach the destination VPN
network.
Ensures that the data stream from the destination VPN network can reach the multi-role
host.
As shown in Figure 6-31, the multi-role host (PC) belongs to VPN 1. If VPN 1 and VPN 2 on
PE1 cannot import routes from each other, PC can access VPN 1 only. The data stream sent
from PC to VPN 2 only reaches the routing table of VPN 1 on PE1. If PE1 finds no route to
the destination address of the packet, which belongs to VPN 2, in the routing table of VPN 1,
PE1 discards the packet.
To ensure that the data stream of PC can reach VPN 2, you can configure policy-based routing
(PBR) on PE1 interfaces that connect CE1. After the configuration, if PE1 cannot find the
destination address of a packet from CE1 in the routing table of VPN 1, it searches the routing
table of VPN 2 for the route and then forwards the packet. The PBR is generally based on IP
addresses and can guide data streams to access different VPNs.

6 Service Features
Figure 6-31 Implementation of a multi-role host
VPN1
PC
Static-Route CE2
PE2
Backbone
VPN1
CE1 PE1
PE3
Policy-Based Routing
VPN2
CE3
To ensure that the data stream replied from VPN 2 can reach PC, routes of the replied data
stream must exist in the routing table of VPN 1 on PE1. As a result, you need to add a static
route destined for PC to the routing table of VPN 2 on PE1. The outbound interface of the
static route must be the outbound interface that connects CE1 in VPN 1 to PE1.
The functions of a multi-role host are mainly implemented on the PE that connects the CE to
which the multi-role host is connected.
Through the PBR on a PE, the PE can search the routing tables of different VPNs for
routes of the data streams from the same VPN.
Static routes can be added to the routing table of the destination VPN on a PE. The
outbound interfaces of the static routes are the interfaces bound to the instances of the
VPN where the multi-role host resides.
Note that the IP addresses of the VPN where a multi-role host resides and the VPNs that the
host accesses cannot be the same.
6.5.5 L2VPN Accessing L3VPN

At the border between the traditional access network and the bearer network, one UPE and
one NPE are required to work together to implement the access.
The UPE terminates and accesses the L2VPN (VLL and VPLS ).
The NPE terminates and accesses the L3VPN.

6 Service Features
Figure 6-32 Traditional access network

The UPE terminates
The NPE accesses
the L2VPN and
the L3VPN and sets
accesses the L3VPN The UPE and the up the L3VPN tunnel
DSLAM NPE run as the CE DSLAM
for each other
UPE UPE NPE NPE UPE

Users access the UPE
L2VPN through ACs
MPLS L2VPN MPLS L3VPN MPLS L2VPN
User Switch User Switch
UPE UPE NPE NPE UPE UPE

The UPE accesses the
L2VPN and sets up the
L2VPN tunnel AC for user access
Users access the L3VPN through the L2VPN
L2VPN tunnel
L3VPN tunnel
MPLS is widely applied on the access network of the ISP because it features high reliability
and security and sound IP-based operating and maintenance capabilities, and supports QoS.
MPLS L2VPN provides MPLS-based VPN services and transparently transmits Layer 2 data
of users on the MPLS network. It thus provides a channelized path for user services and
reduces the LSPs maintained by transit nodes. MPLS L3VPN services are a kind of common
services provided by the ISP over the bearer network. MPLS L2VPN tunnels enable users to
access the MPLS L3VPN of the bearer network. Users can access MPLS L3VPNs through
low-end devices such as the Ss. In this manner, networking cost is reduced and secure and
stable MPLS L3VPN services are provided for users.
To access L3VPNs through MPLS L2VPN tunnels, two devices that are a PE-AGG and an
NPE need to be deployed at the border between the access network and the bearer network. In
addition, the PE-AGG is used to terminate the L2VPN and the NPE is used to terminate the
L3VPN. The PE-AGG and the NPE run as the CE router for each other. In this case, if an
NPE combines the capability of the PE-AGG, networking cost can be saved and networking is
simplified. The VE interface, which is supported by the CX600 to access multiple services,
can be bound to the L2VPN and L3VPN at the same time. That is, the VE interface can access
and terminate the L2VPN and L3VPN. In this manner, the CX600 can run as the NPE and
PE-AGG at the same time.

6 Service Features
Figure 6-33 L2VPN access to the L3VPN
The UNPE terminates the L2VPN,

accesses the L3VPN, and sets up
the L2VPN and L3VPN tunnels
DSLAM DSLAM
UPE
Users access the UPE UNPE UNPE

L2VPN through the AC
MPLS L3VPN
L2VPN L2VPN
User Switch User Switch
UPE UNPE UNPE UPE
The UPE accesses the

L2VPN and sets up
the L2VPN tunnel AC for user access
Users access the L3VPN through the L2VPN
L2VPN tunnel
L3VPN tunnel
Without a dedicated board, the CX600 can associate Layer 2 with Layer 3 VE interfaces by
using a VE group. The CX600 terminates the VLL and the VPLS through Layer 2 VE
interfaces and accesses the L3VPN through Layer 3 VE interfaces. The UNPE function is thus
implemented.
6.5.6 VPN QoS

The ISP provides L2VPN or L3VPN access services for a VPN user and signs the SLA with
the user. The SLA includes the following:
Total bandwidth used by the user to access the MPLS VPN
Priority of the user service in the MPLS network
The preceding two points determine the volume of user traffic that can access the ISP network.
After the user's access to the ISP network, a problem, to be faced with, lies in the type of QoS
to be provided for the user.
The bandwidth for the user traffic to a specified peer PE router is guaranteed.
Types of services to a specific peer PE router, such as voice, video, important data, and
common network services, require guaranteed bandwidth and delay.
VPN QoS provides a relatively complete L2VPN or L3VPN QoS solution. It resorts to
various QoS features to answer the diversified and delicate QoS demands of VPN users. The
VPN QoS provides QoS in the MPLS DiffServ network and end-to-end QoS in the MPLS TE
network. In the application, you can select the QoS policy as required.

6 Service Features
L3VPN with QPPB

The QoS Policy Propagation Through the Border Gateway Protocol (QPPB) propagates the
QoS policy through BGP.
The receiver of BGP routes can do as follows:
Sets QoS parameters for BGP routes based on the attributes of BGP routes.
Classifies traffic by matching QoS parameters and sets the QoS policy for the classified
traffic.
Forwards packets in accordance with the locally-set QoS policy to propagate the QoS
policy through BGP.
In an L3VPN, you can set the QPPB policy for private routes to classify L3VPN traffic,
re-mark the traffic class, and limit the traffic volume.
L2VPN/L3VPN with MPLS DiffServ

In this case, VPN QoS has the following functions:
On the ingress PE router, VPN QoS classifies VPN traffic according to simple traffic
classification or complex traffic classification. The classified traffic is limited, re-marked,
and scheduled based on the priority. Traffic classification and scheduling support
uniform and pipe or short pipe mode.
VPN QoS performs differentiated queue scheduling according to the MPLS EXP field on
the P router.
On the egress PE router, VPN QoS performs differentiated queue scheduling based on
the EXP field and limit and shape traffic on the outbound interface.
VPN QoS with DiffServ has the innate defect of the DiffServ model. That is, only the QoS
action is performed according to the predefined PHB on the transit node. This fails to
guarantee the end-to-end QoS and eradicate network congestion.
L2VPN/L3VPN with MPLS TE

The characteristic of this solution is that the P and PE routers on the MPLS network reserve
bandwidth through the TE signaling protocol. In this manner, the network is free from
blocking, providing end-to-end bandwidth guarantee. But the P routers do not distinguish
service marks inside the tunnel and uniformly process the packets of various marks. QoS
mapping between MPLS packets and IP packets or Layer 2 packets on the PE router supports
the pipe/short pipe model.
In this solution, the ingress PE router binds the VPN to a TE tunnel. QoS parameters are
based on the peer PE on the VPN and the peer PE is associated with the TE tunnel.
At the network side, the PE router performs queue scheduling based on VPNs, ensures
the bandwidth of VPN services to access the TE tunnel, and guarantees the total
bandwidth of the TE tunnel.
The P router guarantees the bandwidth of the TE tunnel.
The ingress nodes do not distinguish the priorities of services transmitted on the TE tunnel.
Therefore, services of various priority levels need to be allocated to different VPNs in the
network planning.

6 Service Features
Figure 6-34 L2VPN/L3VPN with MPLS TE
PE2 VPNA
Backbone
site 3
network
PE1
VPNA
site 1 PE3
VPNA
site 2
Only one type of services in
VPNA
L2VPN/L3VPN with MPLS DS-TE

The characteristic of this solution is that the P router and PE routers on the MPLS network
reserve bandwidth through the Differentiated Service-Traffic Engineering (DS-TE) signaling
protocol for various types of services. In this manner, the network is free from blocking,
providing end-to-end bandwidth guarantee. In addition, services transmitted on the tunnel are
differentiated.
In this scheme, the ingress PE binds the VPN to the DS-TE tunnel and QoS parameters are
configured based on the peer PE on the VPN.At the network side, the PE router schedules
queues based on VPNs, ensures the bandwidth of the VPN services to access the DS-TE
tunnel, and guarantees the total bandwidth of the DS-TE tunnel. The P router guarantees the
bandwidth of the DS-TE tunnel.

6 Service Features
Figure 6-35 L2VPN/L3VPN with MPLS DS-TE
Backbone
network VPNA
site 3
PE2
PE1
VPNA
site 1 PE3
VPNA
site 2
VPNA carries three types of services,
ensuring the QoS for each service in
the same VPN
VPN-based QoS on the Network Side in an L2VPN/L3VPN

Bandwidths are restricted and guaranteed for different types of services in the VPNs on the
network side of the ingress PE. In this manner, services are differentiated and processed.
In this scheme, QoS parameters and scheduling models are configured for the VPN of the
ingress PE. Queue scheduling is then performed based on VPNs on the network side of the
ingress PE. Therefore, the bandwidths of the VPNs are restricted and guaranteed.

6 Service Features
Figure 6-36 VPN-based QoS on the network side in an L2VPN/L3VPN
flow1
flow2
Scheduler
classfier
flow3
flow4 port
flow5
flow6
flow7
flow8
CE-2
Interface
M
VPN-A:30M Interface -based
A:20
VPN-A
VPN-A -based PE-2
VSI-
CE-1 PE-1 VSI-A
VSI-A CE-4
P-2
CE-5 CE-6
PE-3
VPN-A VPN-A
P-3
CE-7
VSI-A
CE-8
6.6 IPTN Features

How to provide services with end-to-end QoS guarantee on an IP bearer network has become
an urgent demand for carriers. Therefore, the current Internet needs to be reconstructed in
order to provide better data services. Huawei puts forward the IP Telephony Network (IPTN )
solution to meet the demand. The IPTN solution aims to provide end-to-end QoS by
reconstructing the current IP network. In this solution, the concept of bearer control layer is
addressed between the service control layer and the bearer layer; resources are applied, kept
and released respectively before, during, and after they are used to improve the transmission
efficiency of the bearer network.
Figure 6-37 shows the scenario in which the CX600 serves as a service router (SR ) in an
IPTN network.

6 Service Features
Figure 6-37 Application scenario of the IPTN

COPS
SR
ISP
DSLAM
User
DHCP Server
An IP packet of the user is encapsulated in a QinQ packet with double VLAN tags through the
DSLAM and then accesses the SR. The outer VLAN ID specifies the DSLAM; the inner
VLAN ID specifies the user.
With the DHCP relay function, the SR forwards a DHCP request packet to the DHCP server
when receiving an access request from the user. After the DHCP server returns an assigned IP
address to the user, the SR reports information about the online user to the COPS server.
The information includes the following:
Location of the user, that is, CircuitId in the DHCP Option 82 field
VPN to which the user belongs
IP address of the user
MAC address of the user
In addition, the CX600 provides the following functions:
Supports the three-level limit to the number of users.
Provides the detection of online users and the processing of the user getting offline.
Checks the validity of IPTN users.
Displays information about online users and forcibly cuts off online users.
6.7 QoS Features

The CX600 provides the QoS features of integrated services including real-time services. In
particular, the CX600 supports DiffServ as follows:
Traffic classification
Traffic policing
Traffic shaping
Congestion management
Queue scheduling
The CX600 can implement all the eight PHB behaviors of Expedited Forwarding (EF ),
Assured Forwarding 1 (AF1 ), AF2, AF3, AF4, Best-Effort (BE ), Class Selector 6 (CS6 ), and
CS7. With the CX600, network operators can provide users with differentiated QoS guarantee,

6 Service Features
and make the Internet an integrated network that can carry data, voice, and video services at
the same time.
Figure 6-38 shows the hierarchical QoS (HQoS ) of the CX600.
Figure 6-38 Networking diagram of applying HQoS
Inbound
interface
L1
L2 RED
CAR WRED
L3
......
L4
Receive
packets Classify Policy Congestion Priority
and traffic avoidance scheduling
mark detection PQ
packets CQ
Outbound CBWFQ
interface
......
......
L1
RED L2 VOQ switch
WRED L3 Prevent the head
......
......
SARED L4 packet from blocking

Forward multicast switch
packets Priority Schedule Congestion Mark
scheduling/ traffic avoidance packets
traffic LLS detection according
shaping NLS to the class
PQ PBS
CBWFQ
The following describes the QoS features of the CX600.

6.7.1 DiffServ Model
6.7.2 Traffic Classification
6.7.3 Traffic Policing
6.7.4 Queue Scheduling
6.7.5 Congestion Management
6.7.6 Traffic Shaping
6.7.7 HQoS
6.7.8 QPPB
6.7.9 Ethernet QoS
6.7.10 ATM QoS

6 Service Features
6.7.1 DiffServ Model

When entering a network, services are classified, regulated, and distributed to different
behavior aggregates (BAs). A BA is identified by a DSCP code. At the core of the network,
packets are forwarded in accordance with the per-hop behavior (PHB) identified by the DSCP
code.
The advantage of DiffServ is that many service flows converge at a BA and are forwarded
according to the same PHB on the router. In this way, the service processing and storage are
simplified.
On the DiffServ core network, packet-based QoS ignores the signaling processing.
6.7.2 Traffic Classification

Traffic classification consists of the following steps:
Classifies the traffic based on certain rules.
Associates the traffic of the same type with certain actions.
Forms a certain policy.
Then, the policy is applied in the implementation of traffic policing, traffic shaping, and
congestion management, all of which are based on classes of the traffic.
In the following situations, the packets are processed by best effort delivery:
No QoS needs to be ensured.
No traffic classification is carried out.
No rules in the traffic classification are matched by the packets.
The CX600 supports simple and complex traffic classifications.
Complex traffic classification is usually configured on the router at the network edge; simple
traffic classification is configured on the core router.
Simple Traffic Classification

Simple traffic classification means that packets are divided into several priorities or service
classes according to the IP precedence or DSCP field value in IP packets, EXP field value in
MPLS packets, or 802.1p priority in VLAN packets. Traffic policies based on simple traffic
classification are used to map the priority of traffic on one type of network to another type.
This allows traffic to be transmitted in another network based on the previous priority.
At present, the CX600 supports traffic classification on the following interfaces:
Physical interfaces and sub-interfaces
Logical interfaces including VLANIF, Ring-If, and trunk interfaces
Complex Traffic Classification

Complex traffic classification means that packets are classified based on the quintuple of the
source and destination addresses, source and destination port numbers, and protocol type. It is
usually applied on the edge of a network. Complex traffic classification must be associated
with specific traffic control or resource allocation actions. Thus, it can provide differentiated
services.

6 Service Features
At present, the CX600 supports:

Classifications based on the source MAC address and destination MAC address in the
Ethernet frame header, protocol number carried over the link layer, and 802.1p priority
of tagged packets
Classifications based on the IP precedence, DSCP, or ToS value of IPv4 packets, source
IP address prefix, destination IP address prefix, protocol number carried in IP packets,
fragmentation flag, TCP SYN flag, TCP/UDP source port number or range, and
TCP/UDP destination port number or range.
The CX600 supports complex traffic classification on:
Physical interfaces
Logical interfaces including sub-interfaces, Ring-If interfaces, and trunk interfaces
6.7.3 Traffic Policing

In traffic policing, the committed access rate (CAR ) is used to control traffic. Packets are
classified according to a preset matching rule. If conforming to the rule, the packets are
forwarded by the router. If exceeding the limit specified by the rule, the packets are either
discarded or resent after their precedence is re-marked.
CAR uses token buckets (TBs ) to implement traffic policing. Figure 6-39 shows the
procedure of traffic policing with CAR.
Figure 6-39 Flowchart of traffic policing with CAR

...
Filling the bucket

Tokens
with tokens at a
specified rate
Classifying
Incoming packets Outgoing packets
Passed
Token bucket
Dropped
The tokens are put into the TB at the rate preset by the user. The capacity of the TB is
also preset by users. In case the token bucket is full, no more tokens can be added.
On arrival, the packets are classified according to the IP precedence, source address, or
destination address of packets. The packets that conform to the preset rule go into the TB
for further processing.
If there are enough tokens in the bucket, packets are forwarded. At the same time, the
amount of tokens in the bucket decreases based on the length of the packets. If the TB
contains insufficient tokens or is empty, the packets not assigned with enough tokens are
discarded or re-marked with the IP precedence, DSCP, or EXP values before being resent.
At this time, the number of tokens in the TB remains unchanged.

6 Service Features
The preceding process shows that the CAR technology enables a router to control traffic, and
mark or re-mark packets.
CAR is used to limit the traffic rate. With the CAR technology, a TB is used to measure the
data traffic that flows through the interfaces on a router so that only the packets assigned with
tokens go through the router in the specified time period. In this manner, the traffic rate is
limited. CAR specifies the maximum traffic rates of both incoming packets at the ingress and
outgoing packets at the egress. Meanwhile, the rate of certain types of traffic can be controlled
according to such information as the IP address, port number, and priority. The traffic not
conforming to the conditions is not limited in rate; such traffic is forwarded at the original
rate.
CAR is mainly applied at the network edge to ensure that the core device can process data
normally. The CX600 supports CAR for both the incoming and outgoing traffic.
6.7.4 Queue Scheduling

In computerized data communications, communication channels are shared by many
computers. In addition, the bandwidth of a WAN is usually less than that of a LAN. As a
result, when a computer in a LAN sends data to a computer in another LAN, data cannot be
transmitted over a WAN as fast as over a LAN because the WAN bottlenecks the data
transmission. Thus, some packets cannot be sent by the router between the LAN and the WAN.
The network is congested.
As shown in Figure 6-40, when LAN 1 sends packets to LAN 2 at a rate of 10 Mbit/s, traffic
congestion occurs on Serial 1 of Router 1.
Figure 6-40 Networking diagram of traffic congestion

Frame Relay CX2 PC2
serial 1
2M Ethernet
PC1 serial 1 10M
LAN 2
CX 1
Ethernet Server2
10M
LAN 1
Server1
Congestion management provides means to manage and control traffic when traffic
congestion occurs. The queue scheduling technology is used to handle traffic congestion.
Packets sent from one interface are placed into many queues which are identified with
different priorities. The packets are then sent according to the priorities. A proper queue
scheduling mechanism can provide packets of different types with reasonable QoS features
such as the bandwidth, delay, and jitter. The queue here refers to the outgoing packet queue.
Packets are buffered into queues before the interface is able to send them. Therefore, the

6 Service Features
queue scheduling mechanism works only when an outbound interface is congested. The queue
scheduling mechanism can re-arrange the order of packets except those FIFO queues.
Commonly-used queue scheduling mechanisms are as follows:
First In First Out (FIFO ) Queuing
Priority Queuing (PQ )
Custom Queuing (CQ )
Weighted Fair Queuing (WFQ )
Class-Based WFQ (CBWFQ )
Low Priority Queue (LPQ )
The CX600 supports FIFO, PQ and WFQ to implement the queue scheduling on interfaces.
6.7.5 Congestion Management

The CX600 adopts the Weighted Random Early Detection (WRED ) congestion control
mechanism.
The congestion control mechanism can be configured on each port based on the priority of the
queue. The CX600 uses a microsecond-level timer to trace the occupation of the shared
memory with the first-order weighted iteration method. In this manner, the CX600 can sense
the congestion in a timely manner and prevent network flapping. The CX600 drops the
packets of different drop priorities at different probabilities within the same traffic. This can
effectively prevent and control network congestion.
6.7.6 Traffic Shaping

When the network congestion occurs, the traffic policing (CAR technology ) is used to control
the traffic features of the packets and restrain the traffic. Thus, the packets that do not
conform to the traffic features are discarded. Sometimes, to decrease lost packets, the packets
that do not conform to the traffic specifications are cached and then sent at a uniform rate
under the control of the token bucket. This is traffic shaping. Traffic shaping decreases the
number of lost packets and satisfies the traffic requirement of the packets.
A typical application of TS is to control the burst of outgoing traffic based on the network
connection. Thus the packets can be transmitted at a uniform rate. The traffic shaping adopts
the Generic Traffic Shaping (GTS ) to shape the traffic that is irregular or does not conform to
the preset traffic features, which is convenient for the bandwidth match between the network
upstream and downstream.
6.7.7 HQoS
Hierarchical QoS (HQoS) is a QoS technology that can control the users' traffic and support
scheduling according to the priorities of user services.
The HQoS of the CX600 has the following functions:
Five levels of scheduling modes carry out abundant services.
Configures parameters such as the maximum queue length, WRED, low delay, SP/WRR,
CBS, PBS, and statistics.
The system supports the configuration of parameters such as the CIR, PIR, number of
queues, and scheduling algorithms between queues for each user.
Provides the traffic statistics function. The user can view the bandwidth usage of services
and properly distribute the bandwidth by analyzing the traffic.

6 Service Features
The system supports HQoS of VPLS, L3VPN, VLL, and TE.
6.7.8 QPPB
QPPB propagates the QoS policy through BGP.
The receiver of BGP routes can do as follows:
Sets QoS parameters for BGP routes, such as the IP precedence and traffic behavior,
based on the attributes of the routes.
Classifies traffic by matching QoS parameters and sets the QoS policy for the classified
traffic.
Forwards packets in accordance with the locally-set QoS policy to propagate the QoS
policy through BGP.
The receiver of the BGP route can set the IP precedence and the related specific traffic
behavior based on the following attributes:
ACL
AS path list of routing information
Community attribute list of routing information
Route cost of routing information
Address prefix list
Figure 6-41 Networking diagram of applying QPPB

Configure a
QoS policy Advertise routing
information
AS200
AS100
Packets filtered by
the QoS policy
In the complex networking where routing policies need to be modified dynamically, QPPB
can applied to simplify the modification of policies on the route receiver. You can modify the
routing policy on the BGP route sender to achieve this purpose.
6.7.9 Ethernet QoS

Layer 2 Simple traffic classification
The CX600 supports simple traffic classification in accordance with the 802.1p value in
VLAN packets. On the ingress PE router, the 802.1p value in a Layer 2 packet can be mapped
to the precedence field of the upper layer protocol such as the IP DSCP value or the MPLS
EXP value. In this manner, the Diff-Serv is provided for the packet in the backbone network.
On the egress PE router, the precedence field of the upper layer protocol is mapped back to
the 802.1p value to keep the original Ethernet precedence.

6 Service Features
QinQ Simple Traffic Classification

After QinQ encapsulation, the 802.1p priority in the inner VLAN tag cannot be sensed. The
system adds an outer VLAN tag rather than sense the 802.1p priority in the inner VLAN tag
in the process of QinQ encapsulation. The classes of services are thus not distinguished.
In the process of QinQ implementation, the 802.1p value in the inner VLAN tag needs to be
sensed. You can set the following rules through commands o sense the 802.1p value:
Ignore the 802.1p value in the inner VLAN tag and set a new 802.1p value in the outer
VLAN tag.
Automatically set the 802.1p value in the inner VLAN tag as the 802.1p value in the
outer VLAN tag.
Set the 802.1p value in the outer VLAN tag according to the 802.1p value in the inner
VLAN tag.
As shown in Figure 6-42, QinQ supports 802.1p remark in the following three modes:
Setting a value (Pipe mode).
Using the 802.1p value in the inner VLAN tag (Uniform mode).
Mapping the 802.1p priority in the inner VLAN tag to a value in the outer VLAN tag.
Multiple values in multiple inner VLAN tags can be mapped to the same value in the
outer VLAN tag, but a value in an inner VLAN tag cannot be mapped to values in
multiple outer VLAN tags.
Figure 6-42 Networking diagram of 802.1p re-marking supported by QinQ
Q-in-Q Supports
802.1p Remark
ISP
Network
CE PE
6.7.10 ATM QoS

At the edge of the ATM network, the equipment is responsible for access to the IP network.
Data is encapsulated in AAL5 frames such as IPoA, IPoEoA. Such frames are decapsulated
by the router and are forwarded to other types of interfaces, or are forwarded to the Ethernet
interface as Layer 2 Ethernet frames.
The IP network and the ATM network communicate through the IPoA technology. IPoA,
however, cannot effectively use all ATM functions. In addition, the scalability of ATM
applications is limited because of the use of the fully connected PVCs. As a result, the IP
network with Ethernet interfaces over 10 Gbit/s cannot communicate with the ATM network;
otherwise, traffic congestion may occur and QoS cannot be ensured. Therefore, to ensure
proper traffic planning and traffic policing for the interconnection between the IP backbone
network and the ATM backbone network, ATM QoS is introduced.
The ATM network possesses the QoS capability. With the transition from the ATM network to
the IP/MPLS network, the QoS capability of the ATM network needs to be kept. ATM QoS
enables ATM cells with higher precedence to be transferred with the same precedence in the

6 Service Features
IP network. Similarly, it enables IP packets with higher precedence to be transferred with the
same precedence in the ATM network.
Simple ATM Traffic Classification

When the ATM network is taken as the bearer layer of the IP network, however, the QoS
mechanisms of the ATM network and the IP network must be combined to obtain end-to-end
QoS.
By enabling ATM simple traffic classification on the interface, PVC, or PVP, you can map the
CoS and the CLP value to the internal priority of the router for upstream ATM cells, and map
the internal priority to the CoS and CLP value for downstream ATM cells. Thus, various QoS
services can be transmitted in different ATM networks.
ATM simple traffic classification supports:
ATM transparent cell transport
1483R
1483B
The 1483R protocol is used to encapsulate IP packets to carry out IPoA service. The 1483B
protocol is used to encapsulate Ethernet frames to carry out IPoEoA service.
Forced ATM Traffic Classification

Although ATM cells in the ATM network hold information about precedence, it is very
difficult to carry out IPoA, transparent cell transport, and IWF simple traffic classification
based on the precedence information. You can adopt forced traffic classification on the
upstream interface. That is, you can use command lines to set the precedence and color
manually for a specific PVC, interface (including the sub-interface ), or PVP, and carry
information about the precedence and color to the downstream interface.
As shown in Figure 6-43, on the upstream ATM interface of CX A, the precedence and color
for a specific flow can be set through command lines. Then the downstream interface can
carry out ATM QoS based on the value of the set precedence and color.

6 Service Features
Figure 6-43 Forced ATM traffic classification
The downstream ATM interface specifies the

outgoing queue for the flow according to the
precedence and color of the flow
BE
Set the packet precedence and
mark the packet on the upstream
ATM interface AF1
...
EF
CX A CX B
CS6
CS7
ATM physical interfaces, ATM sub-interfaces, ATM PVCs, and ATM PVPs all support forced
traffic classification.
6.8 Load Balancing

In a scenario where there are multiple equal-cost routes to a same destination, the CX600 can
perform load balancing on traffic among these routes. The CX600 provides equal-cost load
balancing and unequal-cost load balancing, which can be selected as required. In equal-cost
load balancing mode, traffic is evenly balanced among different routes. In unequal-cost load
balancing mode, traffic is balanced among different routes based on the proportion of
bandwidth of each interface.
6.8.1 Equal-Cost Load Balancing
6.8.2 Unequal-Cost Load Balancing
6.8.1 Equal-Cost Load Balancing

The CX600 can implement even load balancing on the traffic transmitted through the member
links of an IP-Trunk or an Eth-Trunk. When there are multiple equal-cost routes to a same
destination, the CX600 can implement balanced load balancing on traffic among these routes.
The load balancing mode can be either session-by-session load balancing or packet-by-packet
load balancing. By default, the session-by-session load balancing is adopted.
6.8.2 Unequal-Cost Load Balancing

The CX600 supports the following unequal-cost load balancing modes:
Load balancing based on routes: When the costs of different direct routes are the same,
you can configure a weight for each route for load balancing.
Load balancing based on interfaces: For an IP-Trunk or an Eth-Trunk, you can configure
a weight for each member link for load balancing.

6 Service Features
Load balancing based on link bandwidth for IGP: In this mode, unequal-cost
session-by-session load balancing is performed on the outbound interfaces of paths. The
proportion of traffic transmitted along each path is approximate to or equal to the
proportion of bandwidth of each link. This mode fully considers the link bandwidth. In
this manner, the case when links with low bandwidth are overloaded whereas links with
high bandwidth are idle does not exist.
The CX600 can balance traffic between physical interfaces or between physical interfaces and
logical interfaces. In addition, the system can sense the changes of bandwidth of logical
interfaces due to manual configuration or the status changes of member links. When the
bandwidth of logical interfaces changes, traffic is automatically balanced based on the new
bandwidth proportion.
6.9 Traffic Statistics

The CX600 provides types of traffic statistics functions. It can collect statistics on access
traffic of different users.
The traffic statistics functions are as follows:
Helps carriers to analyze the traffic model of the network.
Provides reference data for carriers to deploy and maintain DiffServ TE.
Supports traffic-based accounting for users that are not monthly-free.
6.9.1 URPF Traffic Statistics
6.9.2 ACL Traffic Statistics
6.9.3 CAR Traffic Statistics
6.9.4 HQoS Traffic Statistics
6.9.5 Interface-based Traffic Statistics
6.9.6 VPN Traffic Statistics
6.9.7 TE Tunnel Traffic Statistics
6.9.1 URPF Traffic Statistics

The CX600 collects statistics either on the overall traffic that complies with URPF or on the
discarded traffic that does not comply with URPF.

6 Service Features
Figure 6-44 URPF traffic statistics
Packets Statistics
Classifier
The default action for
unmatched packets is Pass
Packets that
match rules
Statistics
Perform the
action
Allow the packets complying
with URPF to pass through
Discard the packets without
complying with URPF
Statistics
6.9.2 ACL Traffic Statistics

The CX600 supports the ACL traffic statistics function. When the created ACLs are applied to
QoS and policy-based routing, the CX600 can collect statistics based on ACLs after the ACL
traffic statistics function is enabled. The system also provides commands to query the number
of matched ACL rules and bytes.
6.9.3 CAR Traffic Statistics

The CX600 provides numerous QoS features such as traffic classification, traffic policing
CAR, and queue scheduling. Directed at these QoS features, the CX600 provides the relevant
QoS traffic statistics function.
In traffic classification, the system can collect statistics on the traffic that matches rules
and fails to match rules.

6 Service Features
Figure 6-45 Traffic statistics in traffic classification
Packets Statistics
Classifier
The default action for
unmatched packets is
Pass
Packets that
match rules
Statistics
Filter, CAR, mirror, redirect,

re-mark, sample, URPF,
Perform the action TTL check
In traffic policing, the system supports the statistics on the following traffic:
Total traffic that matches the CAR rule
Traffic that is permitted or discarded by the CAR rule
Figure 6-46 CAR traffic statistics
Packets Statistics
Allow the packets

Bucket C Tokens in bucket C marked green to pass
are enough through
Tokens in
bucket C are
not enough
Process
Statistics packets
Re-mark the packets
according
marked yellow
to the color
marked
Bucket E Tokens in bucket E are
enough
Tokens in
bucket E are Statistics
not enough Discard the packets
marked red
Tokens in bucket E are not

enough
The system supports interface-based traffic statistics.

6 Service Features
When the same traffic policy is applied to various interfaces, the CAR traffic statistics in
the traffic policy is based on the interface.
6.9.4 HQoS Traffic Statistics

The system supports the following statistics on traffic queues:
Statistics on the number of forwarded packets, bytes, and discarded packets of the user
queues of eight priority levels
Statistics on the number of forwarded packets, bytes, and discarded packets of the user
group queues
Statistics on the number of forwarded packets, bytes, and discarded packets of the
queues of eight priority levels on an interface
6.9.5 Interface-based Traffic Statistics

The CX600 supports traffic statistics on interfaces and sub-interfaces.
6.9.6 VPN Traffic Statistics

In a VPLS network, the CX600 can collect statistics on incoming and outgoing traffic of the
access L2VPN user when it runs as a PE router.
In an L3VPN, the CX600 can collect statistics on incoming and outgoing traffic of access
users of various types when it runs as a PE router. The access users include:
Users that access the network through interfaces including logical interfaces
Multi-role hosts
Users that access the network through the VPLS/VLL
When VPN QoS services are configured, the CX600, as an ingress PE, can collect
statistics on the traffic that is sent on the network side.
6.9.7 TE Tunnel Traffic Statistics

When the CX600 runs as a PE router in an MPLS TE network, it supports statistics on
incoming and outgoing traffic of the tunnel. When the VPN is statically bound to the TE
tunnel, the system can collect statistics on traffic of each resource-isolated VPN over the TE
tunnel and the total traffic over the TE tunnel.
DS-TE supports the traffic statistics about each CT in a tunnel.
6.10 IP Compression
In the NGN bearer network, some carriers may lack transmission resources. The RTP/UDP/IP
packet header, however, contains about 40 bytes in the IP NGN service. For voice
compression algorithms that work well, the voice data in each packet occupies less than 30
bytes. In this case, the packet header costs much, with low transmission efficiency.
The CX600 provides types of compression algorithms. The transmission efficiency of the
network can thus be improved and the lack of transmission resources can be solved.

6 Service Features
CRTP
The Compressed Real-Time Protocol (CRTP ) defined in RFC 2508 can compress the 40-byte
RTP header including the UDP and IP headers into a header of 2 to 4 bytes. In this manner,
the lack of transmission resources is solved.
In the traditional network, voice over IP is supported through RTP. Figure 6-47 shows the RTP
packet format.
Figure 6-47 RTP packet format
8 bytes 20 bytes 8 bytes 12bytes 15~30 bytes
PPP IP UDP RTP Voice Date
Header Encapsulation
As shown in the Figure 6-47, the voice data occupies tens of bytes; the IP, UDP, and RTP
headers, however, contain 40 bytes. In a session, half bytes of the header, such as the source
and destination IP addresses and the source and destination port numbers, remain unchanged.
In addition, the length field in the IP/UDP header is unnecessary because the length can be
obtained through the calculation of the length of the link layer header. Differential coding can
be performed though some fields change. After these redundant fields are compressed, only
two to four bytes need to be reserved (normally, two bytes are kept; four bytes contain the
UDP checksum ), as shown in Figure 6-48.
Figure 6-48 cRTP packet format
8 bytes 2~4bytes 15~30bytes
PPP cRTP Voice Date
Header Encapsulation
ECRTP
ECRTP is short for Enhanced Compression Real-Time Transport Protocol. CRTP has to send
FULL_HEADER packets frequently over the links with high ratio of packet loss, packet
disordering, and long delays. This greatly affects the efficiency of compression. RFC3545
defines ECRTP to strengthen the CRTP functions and reduce the impact of link quality on the
efficiency of compression.
ECRTP changes the mode in which the compressor requests the decompressor to update the
context. In this manner, CRTP becomes more adaptable to the changes in link quality in the
following aspects:
The compressor regularly sends extended COMPRESSED_UDP packets to update the
context of the decompressor, so the context of the two ends can be synchronized. The
format of the packet is extended to carry more information about the changes in the
header.

6 Service Features
If no UDP checksum is carried, the field of CRTP head checksum is added. According to
the CRTP head checksum, the decompressor determines whether errors occur during
decompression and makes a second try. This can reduce the packets lost owing to the
asynchronous state between two ends.
The compressor sends N+1 synchronization packets continuously. In this manner, if a
synchronization packet is lost, the context of two ends can remain synchronous. The
value of N can be determined according to the link quality.
CRTP applies to reliable point-to-point links with short delays. ECRTP applies to low-rate
links of poor quality with long delays, high ratio of packet ratio, and packet disordering.
ECRTP is recommended for MPLS networks.
6.11 MSE Features

As a services router, the CX600 provides the Multi Service Edge (MSE ) feature to implement
access management and control over DHCP, IPOE, or dedicated line users.
MSE supports dynamic user access, user management, user-based authentication and
accounting, and user-based QoS. Meanwhile, MSE provides the BOD service for enterprise
users and DHCP users.
AAA
AAA is short for Authentication, Authorization, and Accounting. AAA provides authentication,
authorization, and accounting, which are performed in a domain.
AAA supports the following authentication modes:
Non-authentication
Local authentication
Remote Authentication Dial-In User Service (RADIUS )
In this mode, access users are authenticated by the RADIUS server. The RADIUS server
can work in active/standby mode.
Huawei Terminal Access Controller Access Control System (HWTACACS )
In this mode, access users are authenticated by the HWTACACS server.
AAA supports the following authorization modes:
Direct authorization: completely trusts users and directly authorizes them to pass
through.
Local authorization: authorizes users according to the configured attributes of user
accounts.
HWTACACS authorization: authorizes users through the HWTACACS server.
If-authenticated authorization: authorizes users to pass through if they pass the
authentication and the authentication mode is not non-authentication.
AAA supports the following accounting modes:
Non-accounting: provides free services.
Remote accounting: supports remote accounting through the RADIUS server or the
HWTACACS server.

6 Service Features
AAA supports prepaid services based on duration, traffic, or the combination of duration and
traffic. In addition, when the transmission of accounting stop packets fails, AAA can generate
an offline bill based on the accounting information and save the offline bill to the local device.
If the accounting to be copied to the RADIUS server is configured in the domain, the
accounting information is copied to the server after the accounting packets are sent.
Web Authentication Server

The CX600 provides the web authentication server, that is, the external web server. The
CX600 transparently transmits the response message from the RADIUS server to the web
authentication server. The CX600 allows setting the Portal version number that is used when
the CX600 communicates with the web server. By default, the Portal version number is V2.0.
In the Web authentication, after a user is successfully connected to the CX600 and assigned an
IP address, it is not authorized to access the Internet before passing the authentication on a
Web page.
DHCP Users, Dedicated Line Users

The CX600 supports the access of DHCP users and Layer 2/Layer 3/Layer 2 VPN dedicated
line users. Ethernet sub-interfaces, GE sub-interfaces, and Eth-Trunk sub-interfaces can be
configured as access interfaces to access users.
For DHCP users, the CX600 supports the DHCP relay mode and the DHCP server mode.
Users can be assigned addresses through the address pool on the local device or through the
DHCP server. The DHCP relay agent supports user access through triggering.
The CX600 can allocate QoS resources and implement accounting for users connected
through access interfaces in host, location, or CE-VLAN mode. The CX600 also allows
configuring the maximum number of users on interfaces.
The CX600 can restrict the number of access users. The CX600 can also enable or disable the
traffic statistics function for the downstream or upstream traffic of domain users.
The CX600 can record the online or offline failures of users and support the record query
according to the domain name, access location, MAC address, slot number, user type, or user
name. The CX600 also supports the record query according to the user type, access location,
user name, or any combination of them.
Static User
Static users refer to the users whose IP addresses, login interfaces, VLAN IDs, VPN instances,
or MAC addresses are specified by the system. Static users' IP addresses are permanent
instead of being allocated through DHCP.
The CX600 supports a maximum of 1024 static users.
User Login Triggered by ARP or IP Packets

When the link between a user and the CX600 is faulty but the user cannot sense the fault, the
CX600 sends the ARP request packet to the user to detect whether the user is online. If users
have gone offline, the CX600 releases resources related to the user and deletes the user entry.
After the link recovers, the user will resend an ARP request packet if the ARP entry of the
user ages; if the ARP entry does not age, the user sends IP packets.

6 Service Features
In this case, to enable the user to log in again, the CX600 supports the user access triggered
by ARP or IP packets. That is, when the CX600 receives an ARP packet but fails to find the
related ARP entry, a process of login and authentication of the user is triggered.
Backup of User Information

The CX600 can save and restore the information about the users that log off abnormally.
When a user logs off abnormally, the CX600 records information about the user. Therefore,
when the user logs in again through IP or ARP packet triggering, the CX600 enables the user
to enjoy related services again according to the saved user information.
Controllable Multicast
The users through the access interface can receive multicast packets only after passing
authentication. Each access user can receive a maximum of four multicast programs, that is,
four multicast streams. Unauthorized programs are not sent to access users.
QoS policy
The CX600 supports user-based HQoS to bind the configured QoS template to users.
The CX600 can control QoS based on the host, location, or CE-VLAN ID.
The CX600 also supports port-based, VLAN-based, user-based, or service-based traffic
shaping, and HQoS.
CoA or DM Logout
When users go online, the CX600 allows dynamically modifying authorization information
about users, which is known as Change of Authorization (CoA ).While maintaining the online
status of users, the network administrator can modify the service features of the RADIUS
server and then dynamically change the services used by users through the CoA packet. This
authorization mode is referred to as dynamic authorization.
CoA can modify the following user attributes:
Minimum and maximum bandwidth
Residual duration
Residual traffic
Controllable multicast program template
Real-time charging interval
User group
Idle-cut time
When residual traffic or duration is used up, the CX600 can send RADIUS DM messages
through the RADIUS server to inform the device of cutting off users.
BOD
BOD is a dynamic bandwidth allocation service. When users require adjusting bandwidth,
they can dynamically activate or deactivate the BOD service through the Portal server without
need of the intervention of operators. In addition, the BOD service provides a more flexible
service-based accounting mode for operators.

6 Service Features
In addition to providing the BOD service for DHCP users, the CX600 provides the BOD
service for different services of enterprise users, including the Internet access service and
L3VPN and L2VPN internetworking.
ANCP
The Access Node Control Protocol (ANCP ) provides a channel through which control
messages can be transmitted between the CX600 and an access node such as a DSLAM.
When functioning as a Network Access Server (NAS ) or a NAS proxy, the CX600 supports
the following functions:
Dynamic topology discovery
Link configuration
OAM detection
ANCP capability negotiation
Cooperation of the control messages transmitted by ANCP with the locally applied QoS
policy, which better controls user traffic
6.12 Security Features

Serving as the security gateway for system service access, the CX600 provides the following
functions:
Advanced security system structure
Abundant security protocols
Strict service access control
Figure 6-49 Security features
The control plane

Routing protocol Control information Secure VRP
separated from the
MD5 authentication filtering system
forwarding plane
SSH Routing security Bidirectional ACL
RADIUS URPF
TACACS+ Management Forwarding MIRROR

security security
SYSLOG NETSTREAM
NQA Service access SINKHOLE

security
ARP Broadcast/abnormal
Layer 2 limit DHCP snooping Port rate limit
attackproof traffic suppression
The following section describes the security features that the CX600 supports.
6.12.1 Security Authentication

6 Service Features
6.12.2 RPF/URPF
6.12.3 MAC Limit
6.12.4 Unknown Traffic Suppression
6.12.5 DHCP Snooping
6.12.6 Local Defense attack
6.12.7 GTSM
6.12.8 ARP Attack Defense
6.12.9 Mirroring
6.12.10 NetStream
6.12.11 Lawful Interception
6.12.1 Security Authentication

PPP supports the authentication methods of PAP and CHAP.
Routing protocols including RIPv2, OSPF, IS-IS, and BGP support plain text authentication
and MD5 encrypted text authentication.
LDP and RSVP support MD5 encrypted text authentication.
SNMP supports SNMPv3 encryption and authentication.
6.12.2 RPF/URPF
Unicast Reverse Path Forwarding (URPF ) functions to prevent network attacks based on the
source address spoofing.
Generally, when receiving a packet, a router obtains the destination address of the packet and
searches the forwarding table for a route to the destination address. If a route to the
destination address is found, the packet is forwarded; otherwise, the packet is discarded.
When a packet is sent to a URPF-enabled interface, URPF obtains the source address and
inbound interface of the packet. URPF then takes the source address as the destination address
to retrieve the corresponding inbound interface and compares the retrieved interface with the
inbound interface. If they do not match, URPF considers the source address as a spoofing one
and discards the packet. In this way, URPF can effectively prevent malicious attacks that are
launched by changing the source address.
6.12.3 MAC Limit

With abundant MAC limit functions, the CX600 can provide various security solutions for
large-scale Layer 2 networks and VPLS networks.
MAC Address Limit

With the rapid development of the Metro Ethernet, security plays a more important role on the
ingress of the MAN. In the Metro Ethernet, a large number of individual users access the
Internet over Ethernet links and it is common that hackers perform MAC attacks on the
network. MAC address limit supported by the CX600 can effectively defend the network
against the preceding attacks and guarantee the security of the ISP network.

6 Service Features
With the function of limit to MAC address learning, the system can limit the number of access
MAC addresses of a customer to prevent the customer from occupying the MAC address
space of other customers; the system can also discard attack packets on the ingress and
prohibit invalid packets from consuming bandwidth.
MAC address learning is the basic feature of Layer 2 forwarding. It is automatically carried
out and is easy to use. It, however, needs to be deployed with caution to avoid attacks.
The CX600 supports the following types of limit to MAC address learning:
Limit to the number of MAC addresses that can be learned
Limit to the speed of MAC address learning
Limit to interface-based MAC address learning
Limit to PW-based MAC address learning
Limit to MAC address learning based on VLAN+port
Limit to MAC address learning based on port+VSI
Limit to MAC address learning based on QinQ
MAC address learning limit can be applied to the network environment with fixed access
users and lacking in security, such as the community access or the intranet without security
management. When the number of MAC addresses learnt by an interface exceeds the limited
threshold, the MAC address of a new access user is not learnt. The traffic of this user is thus
broadcast at a restricted transmission rate.
MAC Address Entry Deletion

In a VPLS or an Layer 2 network, the MAC address table is the key of forwarding. It,
however, is also vulnerable to attacks though MAC entries are to be aged. MAC entries need
to be deleted to release MAC resources, minimizing the effect on other services.
The CX600 provides the following types of MAC address entry deletion:
Deletion of MAC address entries based on port+VSI
Deletion of MAC address entries based on port+VLAN
Deletion of MAC address entries based on the trunk interface
Deletion of MAC address entries based on the outbound QinQ interface
6.12.4 Unknown Traffic Suppression

In the VPLS or Layer 2 network, unknown traffic limit supported by the CX600 functions as
follows:
Manages users' traffic.
Allocates bandwidth to users.
In this manner, the network bandwidth is efficiently used and network security is guaranteed.
6.12.5 DHCP Snooping

DHCP snooping, a DHCP security feature, filters untrusted DHCP messages by creating and
maintaining a binding table. The binding table contains the MAC address, IP address, lease,
binding type, VLAN ID, and interface information. DHCP snooping acts as a firewall
between DHCP clients and the DHCP server.

6 Service Features
DHCP snooping is mainly used to prevent DHCP Denial of Service (DoS ) attacks, bogus
DHCP server attacks, ARP middleman attacks, and IP/MAC spoofing attacks when DHCP is
enabled on the device.
The working mode of DHCP snooping varies with the type of attacks, as shown in Table 6-1.
Table 6-1 Attack types and DHCP snooping working modes
Attack Type DHCP Snooping Working Mode

DHCP exhaustion attack MAC Address limit
Bogus DHCP server attack Trusted/Untrusted
Middleman attack and IP/MAC spoofing DHCP snooping binding table
attack
DoS attack by changing the value of the Check on the CHADDR field in DHCP
CHADDR messages
6.12.6 Local Defense attack

The CX600 provides a uniform local defense attack module to maintain and manage the
defense attack policy of the whole system. An all-around defense attack solution that is
operable and maintainable is thus provided for users.
Whitelist
The whitelist refers to a group of valid users or users with the high priority. By setting the
whitelist, you can enable the system to protect existing services or user services with the high
priority. You can define the whitelist through Access Control List (ACL) rules. Then, the
packets matching the whitelist are sent to the CPU in preference at a high rate.
The valid users that normally access the system as confirmed and the users with the high
priority can be added to the whitelist.
Blacklist
The blacklist refers to a group of invalid users. You can define the blacklist through ACL rules.
Then, the packets matching the blacklist are discarded or sent to the CPU in a low priority.
The invalid users that are involved in attacks as confirmed can be added to the blacklist.
User-defined Flows
User-defined flows indicate that the user defines ACLs. It is applied when unknown attacks
emerge on the network. The user can flexibly specify the characteristics of the attack data
flows and limit the data flows that match the specified characteristic.
Active Link Protection

The CX600 protects the TCP-based application-layer data such as session data with the
whitelist function. When a session is set up, information about this session is synchronized to
the whitelist. This ensures that all sessions are protected by the whitelist and are sent with

6 Service Features
high priority. This feature is called Active Link Protection (ALP). Through ALP, the running
of the existing services can be ensured in the case of attacks.
When detecting that the session is deleted, the system deletes information about this session
from the whitelist.
Uniform Configuration of CAR Parameters

Committed Access Rate (CAR) is used to set the rate of sending the classified packets to the
CPU. You can set the committed information rate (CIR), the committed burst size (CBS), and
the priority for each type of packets. With different CAR rules set for various packets, the
system can make the packets be free from affecting each other to protect the CPU.
The CX600 provides convenient methods for configuring CAR parameters:
Uniform configuration of CAR parameters for different LPUs
Uniform user interface for configuration
Configuration of CAR parameters with granularity at the protocol level
This makes the configuration interface more user-friendly.
Smallest Packet Compensation

The CX600 can efficiently defend the network against the attacks of small packets with the
smallest packet compensation function. After receiving the packets to be sent to the CPU, the
system detects the packet length.
When the packet length is smaller than the preset minimum packet length, the system
calculates the sending rate with the preset minimum length.
When the packet length is greater than the preset minimum packet length, the system
calculates the sending rate with the actual packet length.
Application-layer Service Association

The CX600 supports the application-layer service association. The system dynamically
detects the enabled application-layer information. When detecting that the application-layer
services are started, the system accepts the packets of the application-layer services and sends
them to the CPU; when detecting that the application-layer services are closed, the system
discards the packets of the services or sends the packets of the services with restricted
bandwidth.
Local URPF
URPF detects the packets forwarded and transmitted from the local devices at the ingress of a
network. In large-scale networks, local URPF can be enabled on local devices to prevent
impact on the forwarding performance. This allows URPF to detect only the validity of source
addresses of packets on the local devices. Thus, invalid packets are discarded. This prevents
the source address spoofing attacks.
Management and Service Plane Protection

Interfaces on routers are classified into management interfaces and non-management
interfaces. Management packets can be sent to the routers through management interfaces. On
MANs, the downstream interfaces on routers to connect users are generally non-management
interfaces.

6 Service Features
To prevent the devices from being controlled by hackers through non-management interfaces
or by flooding management packets, the CX600 provides management plane protection. This
allows the management packets to be received only from management interfaces. The
management packets are thus controllable.
Defense Against TCP/IP Packet Attacks

In current networks, attacks on TCP/IP networks are increasing, which brings about great
impact. The CX600 provides the following defense measures against attacks on TCP/IP
networks:
The defective packet attack indicates that the attacker sends a defective IP packet to a
targeted system, causing the system to crash during the processing of such an IP packet.
The system discards the following defective packets after they are identified through the
forwarding engine and software:
IP packets with null load
Null IGMP packets
TCPSYN packets whose source and destination IP addresses are the same in LAND
attacks
ICMP Echo Request packets whose destination addresses are broadcast addresses or
subnet broadcast addresses in Smurf attacks
Attacks of the TCP packet flag bit when the six flag bits (URG, ACK, PSH, RST, SYN,
and FIN) are all 1s, the six flag bits are all 0s, or SYN and FIN bits are both 1s
The fragmented packet attack indicates that the system cannot handle normal requests
from users or the system becomes Down when the CPU is busy with fragmented packets.
When the fragmented packets are identified by the forwarding engine and software, the
system implements CPCAR to limit the rate of sending repetitive fragmented packets to
the CPU. The software ensures the correctness of packet reassembly or discards the
packets whose reassembly fails.
Attacks of a huge number of fragments or attacks of the packets that have a large offset
value
Repetitive fragmented packets
Tear Drop, syndrop, nesta, fawx, bonk, NewTear, Rose, Ping of death, and Jolt attacks
TCP SYN: The system can identify TCP SYN packet flooding and implement CAR on
LPUs.
UDP flood: The system can identify packets in Fraggle attacks and attack packets on
UDP diagnosis ports. The system can discard those packets or filter out the packets on
LPUs.
Attack Source Tracing

When the CX600 is attacked, it obtains and stores suspicious packets. After the packets are
formatted, you can use commands or offline tools to view the packets. This helps to locate the
source of attacks easily.
When attacks occur, the system automatically removes the data encapsulated on upper layers
of the transmission layer and then caches the packets in the memory. When the number of
packets in the cache reaches a certain amount, for example, 20000 packets on each LPU, the
previous packets are overridden when more packets are cached.

6 Service Features
6.12.7 GTSM
Currently, some attackers on the network simulate valid packets to attack a router. As a result,
the finite resources of the router such as the CPU on the SRU/MPU is heavily loaded and
consumed. For example, the attacker continuously sends simulate BGP protocol packets to a
router. After the LPU of the router receives the packets destined for the local host, the LPU
sends the packets to the BGP processing module of the CPU on the SRU/MPU instead of
identifying the validity of the packets. As a result, the system is abnormally busy with the
high CPU utilization rate when the SRU/MPU of the router processes these valid packets.
To avoid the preceding attacks, the CX600 provides the GTSM. The GTSM protects services
of the upper layer over the IP layer by checking whether the TTL value in the IP header is
within the specified range. In the application, the GTSM is used to protect the TCP/IP-based
control layer such as the routing protocol from the type of CPU-utilization attacks such as
CPU overload.
The CX600 supports the following types of GTSM:
BGP GTSM
OSPF GTSM
6.12.8 ARP Attack Defense

In the current ISP network, Ethernet is commonly used for access. ARP runs as the open
protocol on the Ethernet, offering chances for malicious attackers. Malicious attackers attack
the network from the perspectives of space and time.
Space-based attacks indicate that the attacker resorts to the finite ARP buffer of a router.
The attacker sends a large number of simulate ARP request and response messages to the
router. As a result, the ARP buffer is overflowed; normal ARP entries cannot be buffered.
Normal forwarding is thus interrupted.
Time-based attacks indicate that the attacker resorts to the finity of the processing
capability of a router. The attacker sends a large number of simulate ARP request,
response, or other packets that can trigger the router to perform ARP processing. As a
result, the computation resources of the router are busy with ARP processing during a
long period; other services cannot be processed. Normal forwarding is thus interrupted.
Interface-based ARP Entry Restriction

The interface-based ARP entry restriction function effectively minimizes the attacked range
when the ARP entry overflow attack occurs. The attacked range is restricted in the interface.
In this manner, other interfaces of the board or the whole system are not affected.
Timestamp-based Scanning-proof
The timestamp-based scanning-proof function can identify the scanning attack on time and
suppress the processing of the requests generated by the scanning when a scanning attack
occurs, regardless of whether it is an ARP scanning attack or IP scanning attack. In this way,
the CPU is kept away from attacks.
ARP Bidirectional Isolation

As ARP request packets come from the outside of a device and can be initiated at any time,
the device cannot distinguish between normal packets and attack packets when the ARP
request packets carry valid IP addresses.

6 Service Features
According to the analysis of actual ARP attacks on some networks, the ARP attack traffic
comprises 50% ARP request packets and 50% ARP response packets. Therefore, a solution to
the attacks of numerous ARP packets must be based on the two aspects: ARP request packets
and ARP response packets.
ARP bidirectional isolation enables a device to process ARP request packets and ARP
response packets separately.
The device performs stateless responses for ARP request packets. That is, the device
generates neither ARP entries nor relevant states after replying to the ARP request
packets. Without sending the ARP request packets to the CPU for processing, the device
defends the ARP table of the gateway against address spoofing attacks by ARP request
packets.
The device processes only the ARP response packets of the ARP request packets sent by
its CPU. The ARP response packets of the ARP request packets that are not sent by its
CPU are then discarded. The normal ARP request packets can thus be promptly
processed.
Filtering of Invalid ARP Packets

The CX600 filters out the following types of ARP packets:
Invalid ARP packets such as the ARP request packets with the destination MAC address
as a unicast address, the ARP request packets with the source MAC address as a
non-unicast address, and the ARP reply packets with the destination MAC address as a
non-unicast address
Gratuitous ARP packets
ARP request packets whose destination MAC address is not null
You can configure the system to filter out one or more kinds of packets mentioned above
through command lines.
ARP VLAN CAR

ARP VLAN CAR is mainly applied to the scenario where packets are processed based on the
interface number and VLAN ID. This ensures that VLANs are isolated when attacks occur.
The attack against one VLAN does not spread to other VLANs. This minimizes the impact of
attacks on devices and services.
The CX600 can perform CAR twice on the ARP packets sent to the CPU. ARP VLAN CAR is
the second CAR implementation, which can be configured by users.
The device implements level-one CAR for packets before they are sent to a CPU.
If the sending rate of the ARP packets exceeds the level-one CAR, the ARP packets that
exceeded the configured threshold are discarded. The device then compares the rate of
the ARP packets surviving level-one CAR with the level-two CAR.
If the rate exceeds the configured threshold, these ARP packets are limited. If ARP
packets do not exceed the configured threshold of level-one CAR, all ARP packets are
sent to the CPU.
6.12.9 Mirroring
Mirroring means that the system copies the forwarding packets on a node in the network to a
specified observing port, without interrupting services. Users can specify the number of the
port to be observed and connect the packet analysis equipment with the observing port to

6 Service Features
observe the traffic. In local mirroring, the observing port and mirroring port reside on the
same device. In remote mirroring, the observing port and mirroring port reside on different
devices. The CX600 supports both the local mirroring and remote mirroring.
Mirroring is divided into the following types according to the requirements for the packets to
be copied:
Port mirroring: The packets received and sent by a mirroring port are completely copied
to a specific observing port.
Flow mirroring: On the basis of traffic classification, the packets that match specific
rules are copied and other packets are filtered out. By analyzing the filtered packets that
the system does not concern about, the system can control packets with fine granularity.
The efficiency of the packet analysis equipment can thus be improved.
Mirroring is divided into the following types according to the direction in which the packets
are copied:
Upstream mirroring: All packets or the packets that match specific rules received by a
mirroring port are copied to a specific observing port.
Downstream mirroring: All packets or the packets that match specific rules to be sent by
a mirroring port are copied to a specific observing port.
Local Mirroring
Figure 6-50 shows the networking diagram of applying local mirroring.
Figure 6-50 Networking diagram of applying local mirroring
CX
Port A Port B
Network 1 Network 2
Incoming Outgoing
packets PortC packets
Mirroring
packets
Packet analysis equipment
Network 1 and Network 2 are connected through Router. When the incoming packets from
Network 1 to Port A need to be monitored, you can copy the incoming packets to Port A as
mirroring packets. When the incoming packets are normally forwarded, the mirroring packets
can be forwarded through Port C to the packet analysis equipment for processing. In certain
cases, both the incoming packets and outgoing packets to and from Network 1 need be
monitored. This allows Router to copy the incoming and outgoing packets on Port A to the
observing port.
In local mirroring, a physical observing port and multiple logical observing ports can be
configured on an LPU. Multiple mirroring ports can be configured on an LPU.
Mirroring ports in local mirroring can be Ethernet interfaces and sub-interfaces, POS
low-speed serial interfaces, MP interfaces, or MFR interfaces.

6 Service Features
Observing ports in local mirroring can be Ethernet interfaces and sub-interfaces, POS
interfaces, Eth-Trunks and Eth-Trunk sub-interfaces, or IP-Trunks.
When the mirroring in local mirroring is implemented, inter-LPU mirroring is supported.
Remote Mirroring
Compared with local mirroring, remote mirroring features the following:
Network maintenance engineers can analyze mirroring packets from remote devices
rather than being on site.
A network maintenance engineer can analyze mirroring packets on different sites, which
saves human resources.
Figure 6-51 shows the networking diagram of applying remote mirroring.
Figure 6-51 Networking diagram of applying remote mirroring
CX C
Packet analysis
IP/MPLS backbone network
equipment
Customer1
CX A CX B
Customer2 CX D
CX A and CX B are edge routers on the IP/MPLS backbone network. Customer 1 and
Customer 2 access the backbone network through CX C and CX D respectively. To maintain
the network, analyze attacks, and locate faults, you need to check whether the protocol
packets sent from or received by CX A are correct; or you need to check whether the
sub-interfaces of a VPN user bound to CX C are attacked. In this manner, you need to copy a
type of protocol packets received by CX A, protocol packets sent from CX A to CX C, or
packets received by sub-interfaces on CX A to CX B. CX B then forwards the preceding
packets to the packet analysis equipment for analysis.
In remote mirroring, data from the mirroring port is copied and then the copy of data is sent
over a specified tunnel to a remote destination router where the remote observing port resides.
The remote observing port then forwards the copy of data to the packet analysis equipment.
Data transmitted from a mirroring port to a remote observing port forms a flow. If there are
two pieces of data transmitted from two mirroring ports to a remote observing port, these two
pieces of data form two flows.
The CX600 provides MPLS LSPs, MPLS TE tunnels, and GRE tunnels for remote mirroring.
In remote mirroring, multiple observing ports and mirroring ports can be configured on an
LPU.
In remote mirroring, the mirroring packets can be intercepted.

6 Service Features
6.12.10 NetStream
The Internet develops rapidly. This requires more delicate network monitoring and
management while this provides more bandwidth resources. Developing a technology to
answer the preceding demands becomes urgent.
NetStream is a technology that is based on network traffic statistics. It collects statistics on
traffic flows and resource usage in the network accordingly, and monitors and manages the
network based on types of services and resources. NetStream provides the following
functions:
Accounting
NetStream provides detailed statistics for the resource-occupation-based (such as links,
bandwidth, and time periods ) accounting. Statistics such as IP addresses, number of
packets and bytes, transmission time, ToS fields, and application types are collected.
Based on the collected statistics, the ISP can charge users flexibly based on time periods,
bandwidth, application, or QoS; enterprises can count their expenses or distribute costs
to make better use of resources. The enterprise customer can count the expense of the
department or assign the cost according to the information to make effective use of the
resources.
Network planning and analysis
NetStream provides key information for advanced network management tools to
optimize the network design and planning. The minimum network operation cost thus
achieves the best network performance and reliability.
Network monitoring
NetStream realizes the real-time network monitoring. The remote monitoring (RMON ),
RMON-2, and flow-based analysis technology visualizedly displays the flow mode on a
single router or routers across the network. This provides the basis for fault pre-detection
and effective fault rectification.
Application monitoring and analyzing
NetStream provides detailed application statistics about the network. For example, the
network administrator can view the proportion of each application, such as Web, the File
Transfer Protocol (FTP ), Telnet, and other TCP/IP applications to network traffic. The
ISP then properly plans and allocates network application resources to meet the users'
requirements according to these application statistics.
Abnormal traffic detection
NetStream detects the abnormal traffic such as network attack traffic of various types in
the real-time manner. NetStream ensures network security by means of alarms of the
NMS and the cooperation with devices.
NetStream consists of three devices: NetStream Data Exporter (NDE ), NetStream Collector
(NSC ), and NetStream Data Analyzer (NDA ). The relations among the three devices are
shown in Figure 6-52.
In Figure 6-52, the CXdevice is NDE.

6 Service Features
Figure 6-52 Diagram of NetStream data collection and analysis
CX A NSC
NDA
CX B NSC
The NDE samples packets and exports the information to the NSC. The NSC is responsible
for analyzing and collecting the statistics data from the NDE. The NDA analyzes the statistics
data and then provides the basis for various services, such as network accounting, network
planning, network monitoring, application monitoring, and analysis.
The CX600 can run as an NDE to sample packets, aggregate flows, and output flows.
According to the position of sampling packets and processing flows, NetStream on the CX600
is classified into distributed NetStream and integrated NetStream. Integrate NetStream
supports load balancing among multiple NetStream boards.
Distributed NetStream: An LPU can sample packets, aggregate flows, and output flows
independently.
Integrated NetStream: Some LPUs do not support integrated NetStream. They only
sample packets and then send the sampled packets to the NetStream SPU for integrated
processing of flow aggregation and output.
The CX600 provides the following functions from the aspect of sampling:
Supports sampling in the inbound and outbound interfaces. Some boards support
sampling on the inbound interface.
Supports interface-based sampling and traffic-classification-based sampling.
Supports sampling on IPv4 unicast/multicast packets, fragmented packets, MPLS
packets, MPLS L3VPN, and L2VPN VLL packets.
Supports regular packet sampling, random packet sampling, regular time sampling, and
random time sampling.
Supports sampling of various physical and logical interfaces such as POS interfaces,
Ethernet interfaces, VLAN sub-interfaces, serial/MP/FR PVC/FR MP interfaces
provided by CPOS interfaces, ATM interfaces, FR interfaces, trunk interfaces, VLANIF
interfaces, and GRE interfaces.
The CX600 provides the following functions from the aspect of aggregation and output:
IPv4 supports the aggregation modes that are as, as-tos, protocol-port, protocol-port-tos,
source-prefix, source-prefix-tos, destination-prefix, destination-prefix-tos, prefix, and
prefix-tos, VLAN-ID.
Supports aggregation of MPLS packets based on three-layer labels.
Outputs the generated statistics in v5, v8, and v9 formats. support 16, 32 bit AS Number
and controls selection by command line. When the packets are output in the v9 format,
both the 16-bit and 32-bit indexes are supported, which can be set through commands as
required.

6 Service Features
Each aggregated flow can be output to two NMS servers.
6.12.11 Lawful Interception

Lawful interception indicates that law enforcement agencies lawfully intercept user
information after authorized.
In lawful interception, the following information is intercepted:
CC: the contents of the communication such as emails and VoIP packets
IRI: information related to the communication, including the address, time, and network
location
The contents of communication (CC ) and intercepted related information (IRI ) can be
provided by the network devices of the carrier. The IRI is generally provided by the AAA
server. The CC is provided by the interception device, for example, the CX600.
Figure 6-53 shows the scenario for lawful interception.
In this scenario, the IRI is provided by the AAA server and the CC is provided by the CX600.
Figure 6-53 Scenario for lawful interception

LIG management system
AAA Server
HI1 L1
Interception center 1
X1,X2
HI2 Internet
Interception center 2
…… X1,X3
HI3
LIG CX
Interception center N
Lawful interception involves the following roles:

Interception center
The law enforcement agency intercepts the activities of online users. The interception
center initiates the interception and receives the interception result. The functions of the
interception center are as follows:
− Defining the intercepted target
− Initiating or terminating the interception
− Receiving and recording the interception result
− Analyzing the interception result
Interception management center
The interception management center is the agent of the interception centers. The
interception management center receives the interception request from the interception

6 Service Features
center, transforms the information in the request to the location and service identifier,
and then delivers the configuration of interception to the network devices of the carrier.
LIG
The lawful interception gateway (LIG ) acts as the agent between the interception
management center and the devices of the carrier. The LIG plays an important role in
lawful interception. Its functions are as follows:
− Receives the interception request from the interception management center through
the L1 and HI1 interfaces.
− Delivers the configuration of interception to network devices and obtains intercepted
contents through the X interfaces.
− Sends the intercepted contents to the interception management center through the HI2
and HI3 interfaces.
LIG management system
The LIG management system receives the interception request from the interception
management center and sends the request to the LIG. A LIG management system can
manage multiple LIGs.
The LIG management system delivers the configuration to the LIG through the L1 interface. The LIG is
located in the network of the carrier. The LIG management system is managed by the interception
management center.
Carrier
The carrier deploys the lawful interception function on the network devices. The devices
that support lawful interception receive the configuration from the interception
management center, and then send the intercepted traffic to the interception management
center.
6.13 Network Reliability

The CX600 supports the all-around reliability technologies, which satisfy the requirements for
the carrier-class network.
Figure 6-54 Reliability techniques
Interface Link Routing

Backup NSF BFD FRR
backup reliability optimization
Device reliability 99.999% Network reliability
Active/standby Eth Trunk Customized Grace Fast Fast route IP FRR

MPUs IP Trunk alarm damping Restart detection convergence TE FRR
Multiple SFUs Inter-board of link Loose policy- LDP FRR
Ethernet OAM
port binding fault based routing VLL FRR
Active/standby
power modules RPR interface VPN FRR
ECMP
backup

6 Service Features
6.13.1 Backup of Key Modules

6.13.2 High Reliability of the LPU
6.13.3 Transmission Alarm Customization and Suppression
6.13.4 Ethernet OAM
6.13.5 ISSU Features
6.13.6 VRRP
6.13.7 GR
6.13.8 BFD
6.13.9 FRR
6.13.10 BGP Indirect Next Hop
6.13.11 NSR
6.13.12 iSRM
6.13.1 Backup of Key Modules

The CX600 can work with a single SRU/MPU or two SRU/MPUs in backup mode. The
SRU/MPU of the CX600 supports hot backup. If the device is configured with two
SRU/MPUs for backup, the master SRU/MPU works in the active state and the slave
SRU/MPU is in the standby state. In addition, users cannot access the management interface
of the slave SRU/MPU, or configure commands on the console port or the AUX port. The
slave SRU/MPU exchanges information (including heartbeat messages and data backup ) only
with the master SRU/MPU, and doesn't exchanges information with other boards or devices.
The system supports active/standby switchover in two ways: automatic switchover and forced
switchover. The automatic switchover may be triggered by serious faults or resetting of the
master SRU/MPU. The forced switchover is triggered with commands through the console.
You can forcibly prohibit the active/standby switchover of the SRU/MPU by using related
commands.
The CX600 supports backup of the management bus and 1+1 backup for the power modules.
The LPUs, power modules, and fan modules are hot swappable.
In this manner, when a critical fault occurs on the device or network, the system can quickly
recover and respond. This improves the Mean Time between Failure (MTBF ) and minimizes
the impact of unreliable factors on normal services.
6.13.2 High Reliability of the LPU

The CX600 supports the protocol backup of key service interfaces of the same type as
follows:
The CX600 supports the Virtual Router Redundancy Protocol (VRRP ) on Ethernet
interfaces. With the extended VRRP, the CX600 enables two interfaces on one router or
on different routers to back up each other, thus ensuring high reliability of the interfaces.
The Eth-Trunk and IP-Trunk support inside backup and outside backup for member
interfaces.
The CX600 supports inter-board trunk bundling.

6 Service Features
− Users can access different LPUs over double links for inter-board bundling. This
ensures the high reliability of services.
− The CX600 implements the inter-board bundling through the high-performance
engine and forwards packets in load balancing mode at the line rate over multiple
links.
− The Hash algorithm based on the source and destination IP addresses carries out even
load balancing to forward traffic over links.
− Seamless switchover is performed in the case of a link failure, without interrupting
services.
Provided with protocol extensions, the CX600 implements backup for key service interfaces.
This allows the router to monitor and back up the running status of the interface when bearing
LAN, MAN or WAN services. In this case, the status change of the interface that is backed up
does not affect the routing table and the services at the interface can be restored quickly.
6.13.3 Transmission Alarm Customization and Suppression

At present, the carrier-class network requires higher reliability for the IP network. Thus, the
device in the network is required to rapidly detect the fault. After fast detection is enabled on
the interface, the physical status of the interface frequently switches between Up and Down
because alarm reporting becomes faster. As a result, the network frequently flaps. Thus,
alarms need to be filtered and suppressed to prevent frequent flapping of the network.
Transmission alarm suppression can efficiently filter and suppress the alarm signals. This
avoids the interface from frequently flapping. In addition, transmission alarm customization
enables you to control the impact on the interface status by alarms.
Transmission alarm customization and suppression implement the following functions:
Customize alarms. This can specify the alarms that can cause the status change of the
interface.
Suppress alarms. This can filter the burr and prevent the network from frequently
flapping.
6.13.4 Ethernet OAM

The CX600 supports the Ethernet OAM that consists of the fault management and
performance management.
With the fault management mechanism, the CX600 can detect the network connectivity by
sending the detection OAM packets periodically or through manual triggering. This
mechanism is similar to the Bidirectional Forwarding Detection (BFD ). The CX600 can also
locate faults of Ethernet by using means similar to the ping and tracert tools on IP networks.
The CX600 triggers protection switchover in less than 50 ms.
Performance management is used to measure the packet loss ratio, delay, and jitter during the
transmission of packets. It also collects statistics on various kinds of traffic such as the
number of bytes transmitted and the number of error packets.
Point-to-Point Ethernet Fault Management

IEEE 802.3ah was brought forward by Ethernet in the First Mile Alliance (EFMA ). IEEE
802.3ah defines the following functions:
Capability discovery

6 Service Features
Link performance monitoring

Fault detection and alarms
Loop detect
The PDUs of IEEE 802.3ah OAM are transmitted by a slow protocol. Fault detection
messages are sent every one second.
Conforming to IEEE 802.3ah, the CX600 supports the point-to-point Ethernet fault
management to detect faults in the last mile of the direct link on the user side of the Ethernet.
By now, the CX600 supports the following functions defined in IEEE 802.3ah:
OAM discovery
Link monitoring
Fault notification
Remote Loopback
End-to-End Ethernet Fault Management

This section describes the end-to-end fault management for Ethernet from the following two
aspects:
Hierarchical MD
The CX600 implements the end-to-end fault management for Ethernet by conforming to
IEEE 802.1ag or not.
IEEE 802.1ag is used to test the end-to-end Ethernet connectivity and locate faults. It
provides different levels of management domains, in which OAM messages with low
level are not forwarded to the management domain with high level. This guarantees the
security and maintainability of networks.
According to IEEE 802.1ag, the network that bears the Ethernet OAM mechanism is
divided into different Maintenance Domains (MDs ). An MD is an interconnected
Ethernet network maintained by an administrator. Multiple Service Instances (SIs ) can
be applied on an MD. An SI corresponds to a VLAN. An SI consists of multiple devices.
The border port on the SI is called the Maintenance association End Point (MEP ); all the
other ports, called the Maintenance association Internal Point (MIP ), are responsible for
connecting different MEPs. MEPs and MIPs together are called the Maintenance Points
(MPs ). All the MEPs in an SI comprise a Maintenance Association (MA ), in which the
fault detection is carried out.
Part of the network in an MD may be maintained by another administrator, namely, MDs
may be nested. The MD level is used to differentiate different levels of OAM that can be
carried out in an MA. The MD level is carried in the OAM message. The OAM message
with low level is discarded in the high-level MP.
End-to-End fault detection and location
The ISP and Internet Context Provider (ICP ) have gradually used the fault detection to
guarantee QoS and reduce maintenance expense. The fault detection is realized by
sending and detecting the Continuity Check (CC ) message at scheduled time.
The CX600 supports the tools of MAC Ping and MAC Trace by using the Loop Back
(LB ) and Link Trace (LT ) packet defined in IEEE 802.1ag to locate faults.
MAC Ping
MAC ping implemented by transmitting LB messages is used to test whether a device on
the network is reachable and to acquire the network state and the delay parameter.

6 Service Features
To carry out MAC ping between any two devices on the network, the CX600 needs to
ensure that the originating point is an MEP, the two points are MPs belonging to a same
MA, and the two points are reachable.
MAC Trace
MAC trace implemented by transmitting LT messages is used to test the transmission
paths of messages and the link break point between the two devices.
The requirements for MAC ping also apply to MAC trace.
Ethernet Performance Management

Conforming to ITU-T Y.1731 recommendations, the CX600 supports the Ethernet
performance management. The CX600 can measure the delay, jitter, and packet loss ratio in
transmission. To achieve that, the CX600 inserts the timestamp in the LB message defined in
IEEE 802.1ag. In this way, the CX600 can detect performance during a specified time period
and on a specified network segment to obtain the performance parameters of an end-to-end
service flow. The CX600 can measure the performance parameters at scheduled time and
output report containing the network management information.
By using the performance management tools, the ISP can monitor the network status in real
time through the NMS. The ISP then check whether the forwarding capacity of the network
complies with the Service Level Agreement (SLA ) signed with users and locate faults. The
ISP need not to carry out detection on the user side, which greatly decreases the maintenance
expense.
6.13.5 ISSU Features

To reduce the influence of software upgrade on service interruption in traditional upgrade
methods, improve the reliability of products, and maintain the products, the CX600 supports
In-Service Software Upgrade (ISSU ). Compared with the traditional upgrade methods, ISSU
has a great advantage of short interruption of services.
Before performing ISSU, the system selects the most appropriate upgrade method according
to the current hardware environment and service features. Based on the practical networking
scenarios, the CX600 supports the following types of ISSU:
Lossless ISSU: It can be adopted when all software features and boards meet the
requirements of ISSU, and the forwarding engine of the device does not change and the
microcode are not upgraded. It takes about 10 seconds to perform lossless ISSU.
Lossy ISSU: It can be adopted when certain software systems or hardware systems
change greatly and can not support lossless ISSU. It takes about one minute to perform
lossy ISSU.
When certain boards in the system do not support ISSU, the fast reboot upgrade is adopted by
default.
The CX600 supports the issu check command, with which the available upgrade methods can
be prompted for the current system. The CX600 also supports version rollback of ISSU. That
is, during the upgrading process, if the new system software cannot start the system, the
previous software that successfully starts the system can be used.
The rollback function provided by the CX600 can prevent the services from being affected by
the failure in system upgrading.

6 Service Features
6.13.6 VRRP
The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. VRRP realizes
route selection among multiple egress gateways by separating the physical devices from
logical devices.
VRRP is applicable to such a LAN that supports multicast or broadcast as the Ethernet. VRRP
uses logical gateways to ensure high availability of transmission links. This avoids service
interruption that results from a gateway device failure, without changing the configuration of
routing protocols.
VRRP combines a group of routers in a LAN into a backup group that functions as a virtual
router. Hosts in the LAN know the IP address of only this virtual router rather than that of a
specific router in the backup group. Hosts set the IP address of the virtual router as their own
default next-hop address. In this manner, hosts in the LAN can access other networks through
the virtual router.
In the backup group, only one router is active and called master router; other routers are in the
backup state with different priorities and called backup router.
Figure 6-55 shows the networking diagram of a VRRP backup group consisting of three
routers.
Figure 6-55 Networking diagram of VRRP

10.100.10.2/24 Master
CX A
PC
10.100.10.3/24
Backup Internet
CXB
Server
Internal network Backup
10.100.10.0/24
Backup group CX C
Virtual IP Address
10.100.10.1/24 10.100.10.4/24
VRRP dynamically associates the virtual router with a physical router that undertakes
transmission services. VRRP can select a new router to take over the transmission when the
physical router fails. The entire process is transparent to users, and realizes non-blocking
communication between the internal network and the external network.
mVRRP
The Management Virtual Router Redundancy Protocol (mVRRP) refers to a management
VRRP group. The only difference between an mVRRP group and a common VRRP group is
that the mVRRP group can be bound to service VRRP groups and can determine the statuses
of the bound service VRRP groups.
An mVRRP group can be bound to multiple service VRRP groups but cannot function as a
service VRRP group and be bound to other mVRRP groups.

6 Service Features
An mVRRP backup group can join a VGMP group as a member. After an mVRRP group joins
a VGMP group, you can configure the mVRRP group to monitor the statuses of both the peer
and link BFD sessions. The state machine of the mVRRP group, however, loses its
independence. Except for the Initialize state, the Backup and Master states depend on the
status of the VGMP group that the mVRRP group joins.
VGMP
Some applications require the session with the same come-and-go path. That is, the packets of
the same session must pass through the same device. In this case, VRRP has its own
limitations. If the active/standby switchover is performed, the come-and-go paths of the same
session may be inconsistent.
To avoid the preceding problem, Huawei develops the VRRP Group Management Protocol
(VGMP) on the basis of VRRP. The VRRP management group set up on the basis of VGMP
uniformly manages the joining VRRP backup groups. On a router, the interfaces that belong
to different VRRP backup groups are thus kept active or standby simultaneously. In this
manner, the VRRP statuses of the router are kept consistent.
Configure VGMP in the following scenarios:
The system is configured with a large number of VRRP backup groups.
The system processes the VRRP protocol packets on the SRU/MPU. A large number of
VRRP backup groups may generate many VRRP protocol packets. These protocol
packets compete with other protocol packets for CPU resources and the channel as well
as the bandwidth of the inter-board communication. In this case, the system is
overloaded.
To decrease the system resources occupied by protocol packets, you can configure a
VRRP management group to control these VRRP backup groups. Thus, the VRRP
backup groups do not send packets by themselves and occupy less of system resources.
The routers are enabled with firewall, NAT gateway, or policy server.
These functions require the same come-and-go path of the same session. Configuring a
VRRP management group to uniformly manage the VRRP backup groups ensures that
the status of the VRRP backup groups is consistent.
ETH OAM for VRRP

ETH OAM for VRRP is designed to improve reliability in a network that is not enabled with
multi-homed Stream Control Transmission Protocol (SCTP) or load balancing.

6 Service Features
Figure 6-56 ETH OAM for VRRP networking
G9 Bearer
Network
CX CX
MSoft UMG HLR
Singaling interface Media interface
As shown in Figure 6-56, the MsoftX, Universal Media Gateway (UMG), and Home Location
Register (HLR) are dual-homed to the master and backup routers in a VRRP network. You can
ensure the reliability on the media plane by connecting UMG to the VRRP network and the
reliability on the signaling plane through dual-homed SCTP. If the devices do not support
SCTP, you can configure ETH OAM for VRRP to ensure the reliability.
VRRP for IPv6

VRRP for IPv6 refers to that VRRP is applied to an IPv6 network and the VRRP principles
remain unchanged.

6 Service Features
Figure 6-57 Networking diagram of VRRP for IPv6
Virtual IP Address:
RouterA
2002::1
2002::2 Master
HostA
RouterB
2002::3 Backup
HostB Netw ork
RouterC
2002::4 Backup
HostC
Ethernet
As shown in Figure 6-57, IPv6 runs on each host and each router on an IPv6 network. A
VRRP backup group, consisting of a group of routers in a LAN, functions as a virtual router.
The hosts in the LAN set the IPv6 address of the virtual router as the default gateway. In this
manner, the hosts only need to obtain the IPv6 address of the virtual router rather than that of
a specific router and use the default gateway to communicate with external networks. To
ensure reliability and use routers efficiently, you can create multiple VRRP backup groups to
balance traffic on the network.
6.13.7 GR
Graceful Restart (GR ) is a key technology in implementing HA. The GR switchover and
subsequent restart can be performed by the administrator or triggered by faults. GR neither
deletes the routing information from the routing table or the FIB nor resets the board during
the switchover when faults occur. This prevents the services interruption of the entire system.
GR has the following advantages:
Simple and easy to implement. You only need to modify some protocols rather than
changing the current software.
It does not need to back up the protocol status information.
Few data needs to be backed up from the AMB to the SMB. The data includes
configuration modification, updated messages and events, interface status change, and
topology information and routing information from neighbors after restart.
During the switchover, there is little probability of service interruption.
The network converges rapidly in normal situations.
The CX600 supports system-based GR and protocol-based GR. The protocol-based GR
includes:
BGP GR
OSPF GR
IS-IS GR
MPLS LDP GR

6 Service Features
L3VPN GR
RSVP GR
6.13.8 BFD
The BFD is a detection mechanism used in the entire network. It can quickly detect and
monitor the connection of links and forwarding state of the IP route in the network.
Detection packets are transmitted from both ends of the bidirectional link. The CX600 tests
the link status from both directions to realize failure detection in milliseconds. The CX600
supports single-hop BFD and multi-hop BFD.
The following describes the BFD features supported by the CX600.
BFD for VRRP

BFD can detect and monitor connectivity of the link layer or IP layer of the network and
trigger the rapid VRRP switchover.
BFD for FRR

BFD for LDP FRR
BFD can detect the protected interfaces that can trigger the LDP FRR switching.
BFD for IP FRR and BFD for VPN FRR
On the CX600, IP FRR and VPN FRR are triggered after BFD reports detection faults to
the upper-layer application.
BFD for Static Routes

Static routes do not have the detection mechanism. When the network fails, administrator
interference is needed.
With the feature of BFD for static routes, the BFD session can be used to detect the status of
the IPv4 static route in the public network. The routing management system determines
whether the static route is available according to the BFD session status.
BFD for IS-IS

The CX600 supports the detection on the IS-IS adjacency by using the BFD session
configured statically.
BFD detects the fault of the link between adjacent IS-IS nodes and rapidly reports the fault to
IS-IS to trigger the fast route convergence of IS-IS.
BFD for IPv6 IS-IS

The CX600 supports IPv6 IS-IS in dynamically setting up and deleting a BFD session.
When a routing protocol sets up a neighbor relationship, the routing protocol notifies
BFD through the routing management (RM) module to establish sessions. The neighbor
relationship of the routing protocol is rapidly detected. The detection parameters of BFD
sessions are negotiated by both ends through the routing protocol.
When a BFD session detects a fault, the BFD session becomes Down. BFD triggers route
convergence through the RM module.

6 Service Features
Generally, routing protocols implement detection in seconds through the Keepalive mechanism of Hello
messages, whereas BFD carries out detection in milliseconds. When the detection interval is 10 ms and
the detection multiplier is 3, BFD can report protocol failures within 50 ms. This speeds up route
convergence.
BFD through the routing management (RM) module to establish sessions. The neighbor
relationship of the routing protocol is rapidly detected. The detection parameters of BFD
sessions are negotiated by both ends through the routing protocol.
When the neighbor is unreachable, the routing protocol notifies BFD through the RM module
to delete the session.
BFD for OSPF/BGP

The CX600 supports OSPF and BGP in dynamically setting up and deleting a BFD session.
When the routing protocol neighbor relation is established successfully, a routing
protocol notifies the establishment of a BFD session through routing management
module and fast detects the neighbor relation of the routing protocol. The detection
parameters of the BFD session are set by the routing protocol.
When the BFD session detects the fault, the BFD session status becomes Down. BFD
triggers route convergence through the RM module.
Generally, routing protocols implement second-level detection based on the Keepalive mechanism of
Hello packets, whereas BFD carries out millisecond-level detection. When the detection interval is 10
ms and the detection multiplier is 3, BFD can report the protocol failures in 50 ms. The route
convergence thus speeds up.
When the neighbor status is unreachable, the routing protocol tells BFD to delete the
session through the RM module.
BFD for OSPFv3/BGP4+

The CX600 supports OSPFv3 and BGP4+ in dynamically setting up and deleting a BFD
session.
BFD through the RM module to establish BFD sessions. The neighbor relationship of the
routing protocol then can be rapidly detected. The detection parameters of BFD sessions
are negotiated by both ends through the routing protocol.
When a BFD session detects a fault, the BFD session becomes Down. BFD triggers route
convergence through the RM module.
Generally, routing protocols implement second-level detection through the Keepalive mechanism of
Hello messages, whereas BFD carries out millisecond-level detection. When the detection interval is 10
ms and the detection multiplier is 3, BFD can report protocol failures within 50 ms. This speeds up route
convergence.
When the neighbor is unreachable, the routing protocol notifies BFD through the RM
module to delete the session.
BFD for PIM

PIM BFD is applicable to the shared network segment where routers enabled with PIM reside.
PIM BFD fast detects the fault of the DR or Assert Winner.

6 Service Features
PIM BFD uses normal BFD messages. It automatically sets up BFD sessions between PIM
neighbors, monitors the status of the PIM neighbors, and responds to the failure of the
neighbor promptly.
BFD for IP-Trunk and Eth-Trunk

IP-Trunk and Eth-Trunk consist of member links, providing large bandwidth or high
reliability.
When the number of member links being Up reaches a certain value, the corresponding trunks
can keep Up.
On the CX600, BFD can detect a trunk and a trunk member interface independently. That is, it
can detect the connectivity of the trunk and that of an important member link of the trunk.
BFP for LSP

BFD for LSP indicates that BFD packets are transmitted along the static LSP, the dynamic
LSP, the RSVP-TE tunnel, and the PW. By fast transmitting and receiving of BFD packets,
fast detection of the link fault can be carried out. The carried services can thus be fast
switched for service protection.
BFD for LSP performs fast fault detection of LSPs, TE tunnels, and PWs. In this way, BFD
for LSP realizes fast switchover of MPLS services such as VPN FRR, TE FRR, and VLL
FRR.
6.13.9 FRR
The CX600 provides multiple FRR features. You can deploy FRR as required to improve
network reliability.
IP FRR
FRR can minimize data loss due to network faults. The switching time can reach 50 ms.
The CX600 provides FRR that enables the system to monitor and store the real-time status of
the boards and ports, and check the status of the ports when packets are forwarded. When
abnormality occurs on a port, the system can fast switch traffic to another preset route. This
improves the Mean Time Between Failures (MTBF) and reduces the amount of lost packets.
LDP FRR
The traditional IP FRR cannot effectively protect the traffic in the MPLS network. The
CX600 provides the LDP FRR function and the solution to port protection.
Along an LDP with Downstream Unsolicited (DU) label distribution, ordered label control
and liberal label retention, a Label Switch Router (LSR) saves all label mapping messages.
Only the label mapping messages sent by the next hop corresponding to the FEC can generate
a label forwarding table. With this feature, the backup LSP is set up if a label forwarding table
is produced for the liberal label mappings.
Normally, a packet is forwarded through the primary LSP. When the outgoing interface of the
primary LSP is Down, the packet is forwarded through the backup LSP. This ensures
continuous traffic follow before network convergence.

6 Service Features
Hybrid FRR
The CX600 supports the FRR formed by the combination of IP routes and VPN routes in a
same VPN instance. That is, the CX600 supports hybrid FRR.
In a bearer network, IP FRR is deployed when a CE is dual-homed to PEs. If multiple voice
VPNs are connected to the CE and a POS link is encapsulated between the two PEs, the POS
interface cannot be divided into sub-interfaces that can be bound to different VPNs to provide
a backup link for the traffic.
In this case, the BGP VPNv4 peer can be set up between the two PEs. Therefore, the backup
path, in the form of a private route, is exchanged between the two PEs. The VPNv4 route then
serves as a backup of the IP route between the PE and the CE, and FRR is thus implemented
on the CX600. In this manner, the traffic can be switched within 50 ms.
TE FRR
TE FRR is a technology used in MPLS TE to implement local protection for the network.
Only the interfaces at a speed of over 100 Mbit/s support TE FRR. The switching time of TE
FRR can reach 50ms. It can minimize data loss when network failures occur.
TE FRR is only a temporary protection method. When the protected LSP becomes normal or a
new LSP is established, the traffic is switched back to the original LSP or the newly
established LSP.
After an LSP is configured with TE FRR, the traffic is switched to its protection link and the
ingress node of the LSP attempts to establish a new LSP when a link or a node on the LSP
fails.
With different protected objects, TE FRR is divided into the following types:
Link protection: Direct link connection exists between the PLR and the MP, and the
primary tunnel passes through this link. When this link is invalidated, the traffic can be
switched to the bypass LSP. In Figure 6-58, the primary LSP is R1->R2->R3->R4; the
bypass LSP is R2->R6->R3.
Figure 6-58 Diagram of TE FRR link protection

PLR MP
R1 R2 R3 R4
Primary LSP
Bypass LSP
R6
Node protection: In Figure 6-59, the PLR and the MP are connected through R3. The
primary LSP passes through R3 is R1->R2->R3->R4->R5; the bypass LSP is
R2->R6->R4; R3 is the protected router; When R3 fails, the traffic can be switched to
the bypass LSP.

6 Service Features
Figure 6-59 Diagram of TE FRR node protection
PLR MP
R1 R2 R3 R4 R5
Primary LSP
Bypass LSP
R6
VLL FRR
VLL FRR is a technique of realizing network protection in the L2VPN. It fast switches user
traffic to the backup link after a fault occurs to the network. In this way, the reliability of the
L2VPN is improved. VLL FRR is also called VLL redundancy.
VLL FRR in the L2VPN includes fault detection, fault notification, and active/standby
switchover of links.
The CX600 provides kinds of features that can be combined to realize VLL FRR.
Fault detection
BFD for PW can fast detect the fault of the PW at the network side in an L2VPN.
Ethernet OAM, ATM OAM, PPP, and FR can fast detect the fault at the access circuit
(AC) side in an L2VPN.
Fault notification
LDP, BGP, or RSVP can notify the remote PE router of the fault of the LSP/PW or the
AC.
BFD for LSP/PW can inform the remote PE router of the fault of the LSP/PW or the AC.
Ethernet OAM, ATM OAM, PPP, and FR can notify the local CE router of the fault.
Active/standby switchover of links
In a symmetric network, CE routers perform the active/standby switchover.
In an asymmetric network, PE routers work with CE routers to perform active/standby
switchover.
IPv6/IPv4 VPN FRR

In the traditional L3VPN, the local PE router senses the fault of the remote PE router through
the BGP Hello packets. The time taken to sense the fault defaults to 90 seconds. That is, VPN
routes on the local PE router converge after the fault of the remote PE router lasts 90 seconds.
IPv6/IPv4 VPN FRR supported by the CX600 can solve the preceding problem. When the CE
router is dual-homed, IPv6/IPv4 VPN FRR can fast switch VPN services to the backup tunnel
and PE router after the link between the CE router and the PE router is disconnected or after
the PE router restarts. In this manner, services are restored within a short period.
The forwarding engine of the local PE router keeps not only the outer labels of the
remote active PE router and the inner labels distributed to VPN routes, but also the outer
labels of the remote standby PE router and the inner labels distributed to VPN routes.

6 Service Features
With the end-to-end fault detection mechanisms such as BFD, the local PE router senses
the fault of the remote active PE router within 200 milliseconds and then switches the
outer and inner labels of the remote active and standby PEs at the same time.
VPN FRR solves the problem of switchover between inner labels. The switchover
priority level of VPN FRR is lower than that of LDP/MPLS TE FRR. The time taken by
VPN FRR to sense the fault is thus more than that taken by LDP/TE FRR.
PW Redundancy
Private network multi-protection
PW redundancy is an extension to VLL FRR. The CE is hardly aware of the public
network status, so the association between the PW and Ethernet OAM is unnecessary.
The master or slave role of the PE can be negotiated by configuring MC-LAG and
MC-APS. The PW connected to the slave PE can be torn down by configuring the
cross-device trunk on the CE together with MC-LAG and MC-APS so that traffic is
forwarded only over the primary PW. The primary PW is in the active state and the
backup PW is in the standby state.
Public network multi-protection
In VLL FRR, master/slave switchover is performed on two UPEs; in PW redundancy,
master/slave switchover is performed on two SPEs in addition to on two UPEs. As
shown in the following figure, if a public PW is switched to PE1 -> PE2 -> PE3 and PE2
serves as the SPE of PWE3, a backup PW, that is, PE2 -> PE4 -> PE3, can be generated
on the SPE. If the PW from PE2 to PE3 is faulty, the PW from PE1 to PE2, is not
affected and traffic is fast switched to the backup PW on PE2.
Figure 6-60 Networking diagram of PW redundancy
Primary
PW
PE1 PE3
Activ e Activ e
ICB PW
Activ e Activ e
Cross-deviceTrunk Cross-deviceTrunk
PE2 PE4
Backup PW
on the SPE
6.13.10 BGP Indirect Next Hop

In the scenario in need of route iteration, when IGP routes or tunnels are switched, FIB entries
are quickly refreshed. This implements traffic fast convergence and reduces the impact on
services.

6 Service Features
After a link is interrupted, the control plane rapidly detects the change of the next hop of the
BGP route through IGP route convergence, and then delivers the updated BGP next hop
information to the hardware forwarding table. In this manner, the hardware forwarding table
is updated within 200 ms after the link fault occurs.
6.13.11 NSR
Non-Stop Routing (NSR) ensures that the control plane of a neighbor does not sense the fault
on the control plane of a router that provides a slave control plane. In this process, the
neighbor relationships set up through specific routing protocols, MPLS, and other protocols
that carry services are not interrupted.
As an HA solution, NSR ensures that user services are not affected or least affected in the case
of device failures.
IS-IS NSR
IS-IS NSR ensures that the real-time data is highly synchronized between the master and
slave MPU/SRUs. In this manner, in the case of the master/slave switchover, the slave
MPU/SRU can rapidly take over services on the master MPU/SRU with neighbors not
sensing router failures.
BGP NSR
During the master/slave switchover, BGP NSR ensures the continuous forwarding at the lower
layer and continuous advertisement of BGP routes. In this process, the neighbor relationships
are not affected, with neighbors not knowing the switchover on the local router. This ensures
uninterrupted transmission of BGP services.
6.13.12 iSRM
The working principle of In-Line Real-time Stream Monitoring (iSRM) is shown in Figure
6-61.
Figure 6-61 Working principle of iSRM

错误！
错误！未指定文件名。
未指定文件名。
iSRM is enabled and the unified time-slice is configured on the NMS.
According to the LM-frame, per-stream statistics are collected hop by hop.
The interval for inserting LM-frames can be flexibly configured, and the proposed interval is
100 ms.
The SQM center collects statistical information and generates the 7x24 hours SLA report.
The process of iSRM is as follows:
The ingress node identifies data streams based on ACLs and inserts an LM-frame into
the stream per time-slice.
The transit node identifies LM-frames and collects statistics for each stream.
The egress node collects statistics for each stream, and identifies and discards
LM-frames.

6 Service Features
iSRM provides the following functions:

Monitoring the native IP performance
Monitoring the Pipe performance
Passing through the third vendor's network
6.14 Clock
6.14.1 CES ACR
6.14.2 CES DCR
6.14.3 Ethernet Clock Synchronization
6.14.4 Clock Synchronization Defined in IEEE 1588v2
6.14.1 CES ACR

Adaptive Clock Recovery (ACR) is a clock synchronization mechanism, which enables the
slave device to restore its service clock based on the frequency information carried in the
service packet from the master device. The master device sends clock signals and the slave
device receives clock signals
The master device encapsulates the clock signals into a data packet and sends the data packet
to the packet switching network (PSN) through a PW. Clock signals are transmitted through a
service PW instead of a special PW. Upon receiving the data packet, the slave device
timestamps the packet on both the incoming interface where the packet is received and the
outgoing interface where the packet leaves the jitter buffer. These two timestamps are used by
the ACR algorithm to calculate the time difference that the slave device needs to eliminate.
6.14.2 CES DCR

Differential Clock Recovery (DCR) is a clock synchronization mechanism, which enables the
master device to calculate the difference value between the service clock on the master device
and the public reference clock, and transmit the difference value to the slave device, which
then adjusts its own service clock based on this difference value and the public reference
clock.
The master device encapsulates the clock signals into a data packet and sends the data packet
to the PSN through a PW. Clock signals are transmitted through a service PW instead of a
special PW. When the data packet is sent from the master device, a local timestamp is added
to the RTP header of the PW header. Upon receiving the data packet, the slave device adds
another timestamp to the packet on the outgoing interface where the packet leaves the jitter
buffer. These two timestamps are used by the DCR algorithm to calculate the time difference
that the slave device needs to eliminate.
6.14.3 Ethernet Clock Synchronization

Clock synchronization is a technique that limits the difference in terms of clock frequency or
phase between the network elements (NEs ) in digital networks within a certain range. If the
clock frequency deviation and phase deviation exceed the allowed error range, error codes
and jitter may occur. This degrades the transmission performance.
The LPUF-10 and LPUF-21 on the CX600 provide Ethernet clock synchronization. The clock
quality and stratum can thus be guaranteed.

6 Service Features
Figure 6-62 Networking diagram of Ethernet clock synchronization
MSC- MSC-
SERVER SERVER
NC
RNC PSTN
Mc IP Mc
Iu-CS
IP
Node B Nb
Iu-PS MGW MGW
Iur
IP SS7/TDM IP SS7/IP
HLR SCP
PS
IP IP
Iu-PS I n t e rn e t
Gi
Node B RNC SGSN GGSN
In a wireless network, Ethernet links have high requirements for clocks. As shown in Figure
6-62, in the future IP-RAN solution, the IP network runs as the bearer layer between Node B
and the RNC. With Ethernet clock synchronization, clock transmission in the IP network can
be guaranteed.
In addition, Ethernet clock synchronization supports the backup of the clock reference source
to enhance the reliability of links. When an Ethernet link becomes Down, the system
automatically selects the backup Ethernet interface to extract clock information.
6.14.4 Clock Synchronization Defined in IEEE 1588v2

Clock frequencies between different BTSs must be synchronized according to a specified
standard on clock accuracy, otherwise, connections will be cut off during the failover of the
BTSs. Therefore, an IP bearer network needs to implement clock synchronization between
wireless BTSs. Some wireless standards, however, do not meet the requirements on clock
frequency accuracy. As a result, these wireless standards require phase synchronization (time
synchronization ) in particular. Currently, there are multiple wireless standards, each of which
has different requirements on clock accuracy. Hardware-based clock synchronization defined
in IEEE 1588v2 can meet different requirements of various wireless standards on clock
accuracy.
Table 6-2 Requirements of wireless technology on clock accuracy
Wireless Standards Requirement on Requirement on Clock Phase

Frequency Accuracy Accuracy
GSM 0.05 ppm NA

WCDMA 0.05 ppm NA
TD-SCDMA 0.05 ppm 3 us
CDMA2000 0.05 ppm 3 us

6 Service Features
Wireless Standards Requirement on Requirement on Clock Phase

Frequency Accuracy Accuracy
WiMax FDD 0.05 ppm NA

WiMax TDD 0.05 ppm 1 us
LTE 0.05 ppm For LTE, time synchronization is
recommended.
The specifications of the 1588v2 feature are as follows:

Supports input and output of the external synchronization time.
Supports 10M, FE, GE, and 10GE Ethernet ports and auto sensing of 10M, 100M, and
1000M Ethernet ports.
Supports Eth-Trunk links.
Does not support POS, ATM, or E1 ports.
Supports 1588v2 but not 1588v1.
Supports the device to function as an OC, a BC, an E2E-TC, a P2PTC, or an OC+TC.
Supports the device to function as a grandmaster.
Supports the OC to work in slave-only mode.
Supports the dynamic best master clock (BMC) algorithm.
Supports the protection switching of time sources without affecting services.
Supports delay measurement in Delay mode or PDelay mode.
Supports the one-step mode (for receiving and sending timing messages) or the two-step
mode (for only receiving and transparently transmitting timing messages).
Supports multicast MAC encapsulation. (The VLAN tag and priority are configurable.)
Supports multicast UDP encapsulation. (The source IP address, the VLAN tag, and
priority are configurable.)
Supports unicast MAC encapsulation. (The destination MAC address, the VLAN tag,
and priority are configurable.)
Supports unicast UDP encapsulation. (The source IP address, destination IP address,
destination MAC address, the VLAN tag, and priority are configurable.)
Supports 1588v2 clock recovery. Supports the NE40E to perform clock
synchronization only.
Supports 1588v2 recovery clock to function as a clock source; supports the dynamic
BCM algorithm according to the priority and clock stratum.
Supports time synchronization.
Back-to-back (B2B) clock recovery complies with G.813 and the time synchronization
precision is better than ±100 ns.
For signals passing through a range of 10 network elements, the frequency recovery
meets the requirements of G.823 SEC synchronous ports. The time synchronization
precision is better than ±1 us and the frequency accuracy is better than 0.02 ppm.
In the B2B environment, the slave node can be synchronized with the master node within
5 minutes.
1588v2 headers overlap without affecting original forwarding capabilities.

6 Service Features
The 48-port FE sub-cards support 24 1588v2 ports; all ports on other sub-cards can be
enabled with 1588v2; the number of 1588v2 ports is not limited on a router.

7 Application Scenarios
About This Chapter

7.1 Application on a Metro Ethernet network
7.1 Application on a Metro Ethernet network

As shown in Figure 7-1, the metro Ethernet consists of the core layer, the edge layer, the
aggregation layer, and the access layer. The core layer is responsible for the high-speed
forwarding of service data. The edge layer and the aggregation layer serve as the access point
of various services. The services access the network for forwarding through the BRAS, the
centralized PE, or the aggregation node, based on the service type. The access layer is
responsible for the user access, and the devices at the access layer include the DSLAM, the
converged switch, AG, and NodeB.
Figure 7-1 Metro Ethernet network diagram
Access Ethernet Aggregation Edge Core Application
Distribution I n t ernet
node
BRAS Internet
DSLAM
CMTS Aggregafion
P/PE
Node
P/PE SoftX
VoD ES
Distribution P/PE
node
AccSwitch PE VoD CS
The aggregation layer device accesses and forwards the services through the IP or MPLS
technologies. Individual services are accessed to the aggregation node through the DSLAM,
and corporate services are converged at Layer 2 through a switch or are directly accessed to
the aggregation node.

DSLAM: refers to the Digital Subscriber Line Access Multiplexer that accesses the
individual services through the permanent virtual circuit (PVC). The DLSAM adds the
VLAN or QinQ tag based on the types of users and services, and is generally connected
to the aggregation node.
Switch: refers to the access switch that converges the Layer 2 corporate services to the
aggregation node.
Aggregation node: refers to the distributed service node (PE). The aggregation node
distinguishes the VLAN or QinQ user services, forwards Layer 3 services or VPN
services, or transparently transmits services to the BRAS or the centralized PE through
the IP or MPLS technologies.
Distribution node: refers to the distribution node that converges the services in the metro
Ethernet. The distribution node terminates the IP or MPLS technologies and
transparently transmits the services to the BRAS or the centralized PE.
BRAS: refers to a device that processes PPPoE login services of individual users.
PE: refers to the centralized service node, which can also serve as the distribution node.
PE accesses the services that should be converged and processed, such as centralized
L3VPN services.
P/PE: refers to the core forwarding node or the edge node on the back bone network. P or
PE rapidly forwards the services or accesses the services to the backbone network.
The CX600 is applicable for the aggregation node and the distribution node to guarantee the
access of individual services and corporate services.
Individual Services
HSI service: The DSLAM adds QinQ tags to distinguish user services. The outer VLAN
tag indicates the service type. The CX600 at the aggregation node transparently transmits
the services to the distribution node through EOMPLS (VLL or VPLS). The distribution
node can be the CX600. The distribution node terminates the transmission and then
transparently transmits the QinQ data to the BRAS.
VOD/VoIP: The CX600 at the aggregation node terminates the VLAN or QinQ tag
added by the DSLAM, and forwards the services to Layer 3 network or accesses the
services to L3VPN for forwarding.
BTV: The CX600 at the aggregation node serves as the designated router (DR) of the
Protocol Independent Multicast (PIM). The aggregation node receives the multicast data
distributed through the PIM protocol, and then sends the data to the DSLAM through
multicast VLAN. The user joins or withdraws a group through IGMP, and the hot
channels send data to DR by static route.
Corporate Services
Corporate dedicated line: The corporate dedicated line is connected to Layer 3 network
through the CX600 at the aggregation node.
E-LINE: The PW, an end-to-end L2VPN tunnel, is set up between the CX600 at the
aggregation node and the peer end. The E-LINE services are transmitted to the peer end
through different tunnels based on the VLAN or QinQ tags identified at the aggregation
node.
E-LAN: The CX600 at the aggregation node creates the VSI, and forwards the service
data to different VSIs for forwarding after the VLAN or QinQ tag is identified. The
service data can also be accessed to the 2-LAN services through H-PVLS, during which
the VSI is created by the distribution node.

L3VPN: The services are accessed to the Virtual Route Forwarding (VRF) at the aggregation
node, or accessed to the centralized service node for VRF forwarding through HoVPN.
IP RAN Solutions
Services of a 2G RAN network, mainly a small volume of voice services, are transmitted over
TDM links. Usually one to three E1 interfaces on a BTS are connected to a BSC. Some
cellular carriers do not have fixed network infrastructure, and have to lease E1 lines of
fixed-line networks, which costs a lot. Services between the BTSs and BSCs in the same city
can be transparent transmitted over TDM links in a Metro Ethernet (ME ) network.
For a 2G RAN network, a Packet Switching Network (PSN ) is constructed through CX600s
between the BTSs and a BSC. The CX600 is connected to the BTSs in the downstream
through E1/T1 links, and to the BSC in the upstream through n x E1/T1 links or 155-Mbit/s
links, As shown in Figure 7-2.
Mobile carriers in worldwide construct RANs one after another. The 2G RAN network is
based on TDM/SDH, and thus it has a lower utilization of bandwidth, is hard to expanded,
and is inflexible to configure. Therefore, IP RAN is a trend. UMTS R99/R4 defines ATM as
the protocol used during the transmission of the services between the Node B and RNC, with
E1 IMA interfaces connecting the two ends. Figure 7-2 shows the networking diagram.
Figure 7-2 2G/3G RAN solutions
E1
T DM
*N CX600
CX600
E1 TDM E1 TDM*N
BSC
MPLS over SDH/ME
N *E1(ATM IMA) N *E1(ATM IMA)

FE GE
Node B A) CX600 CX600 RNC

IM
TM
1 (A E
*E F
N Transparent transmission
of ATM cells through PWE3
Node B Transparent transmission

of TDM services
Deploying routers in an MPLS network can solve the problem of bandwidth multiplexing.
Node B is connected to the CX600 that supports E1 IMA interfaces. After the CX600
terminates IMA, the high-speed ATM cell flow are transparently transmitted through ATM
PWE3 to the CX600 at the RNC side. Then, The CX600 at the RNC side divides the
high-speed ATM cell flow into n x E1 links, and sends multiple channels of low-speed cells to
the RNC. For the Node B and RNC, the CX600 and MPLS network are transparent. That is,
multiple E1 interfaces on the Node B and RNC are directly connected through the TDM link.

1588v2
As shown in Figure 7-3, the bearer network synchronizes its time through GPS or external
time sources, and then provides the clock or time externally.
The nodes in the bearer network can trace a BITS clock. All the nodes in the network serve as
boundary clocks (BCs ), and all the BCs support the peer delay mechanism to be adapted to
fast switchover of links. The BCs encapsulate the clock information in multicast packet, and
then send the multicast packets to the Node B. The nodes that do not support IEEE 1588 can
be configured to support GPS if these nodes are connected through POS or ATM links. The
Node B that does not support IEEE 1588 synchronizes frequency through Ethernet clock
synchronization or through WAN interfaces.
Figure 7-3 Clock synchronization solution in IEEE 1588v2
GPS GPS
POS
BC BC
1588v2 1588v2
GE GE
BC BC
FE E1 E1 FE
1588v2 1588v2
Node B Node B Node B Node B

with 1588v2 without 1588v2 without 1588v2 with 1588v2

8 Operation and Maintenance
About This Chapter

8.1 Benefits
8.2 Network Management System
8.1 Benefits
8.1.1 System Configuration Mode
8.1.2 System Management and Maintenance
8.1.3 HGMP
8.1.4 System Service and Status Tracking
8.1.5 System Test and Diagnosis
8.1.6 In-Service Debugging
8.1.7 Upgrade Features
8.1.8 GTL
8.1.9 Miscellaneous Features
8.1.1 System Configuration Mode

The CX600 provides two configuration modes, that is, command line configuration and NMS
configuration.
Command line configuration supports:
Local configuration through the console port
Remote configuration through the AUX port with a Modem
Remote configuration through Telnet
NMS configuration supports the SNMP-based NMS Configuring.

8.1.2 System Management and Maintenance

The CX600 provides the following system management and maintenance functions:
In-service board detection, hot swap detection, Watch Dog, board reset, control over
running and debugging indicators, fan monitoring, power monitoring, active/standby
switchover control, and version query
Local and remote software upgrading and data loading, upgrade rollback, backup,
storage, and removal
Hierarchical user authority management, operation log management, online help and
comment for command lines
Multi-user operation
Collection of multi-layer information, including port information, Layer 2 information,
and Layer 3 information
Hierarchical management, alarm classification, and alarm filtering
8.1.3 HGMP
The CX600 supports Huawei Group Management Protocol (HGMP ), which is a cluster
management protocol developed by Huawei.
HGMP is used to group Layer 2 devices that are connected to the CX600 into a unified
management domain, that is, a cluster. In addition, HGMP supports automatic collection of
network topologies and provides integrated maintenance and management channels. In this
manner, a cluster uses only one IP address for external communications, simplifying device
management and saving IP addresses.
8.1.4 System Service and Status Tracking

The CX600 can track the system service and status as follows:
Monitors the change of the state machine of routing protocols.
Monitors the change of the state machine of MPLS LDP.
Monitors the change of VPN-related state machine.
Monitors the type of protocol packets sent by the NP to the CPU, and displays details
about the packets with the debugging function.
Monitors and clears the statistics on abnormal packets.
Displays notification when the processing of the abnormality takes effect.
Collects the statistics on the resources used by each feature system.
8.1.5 System Test and Diagnosis

The CX600 provides debugging for running services. It can in-service record key events,
packet processing, packet resolution, and state switchover at the specified period. This helps
in device debugging and networking. You can enable or disable the debugging of a specific
service (such as a routing protocol ) and a specific interface (such as the routing protocol
information on a specified interface ) through the debugging command.
The CX600 provides the trace function on system operation. It can in-service record key
events such as task switchover, task interruption, queue read-and-write, and system
abnormality. When the system is restarted after a fault occurs, you can read the trace

information for fault location. You can enable or disable the trace function through the tracert
command.
In addition, you can query the CPU usage of the SRU/MPU and the LPU in real time.
The debugging and trace functions of the CX600 classify information. The sensitive
information of different classes is directed to different destinations of output based on the user
configuration. The destinations of output include the console display, Syslog server, and
SNMP Trap trigger alarm.
The CX600 also provides the Network Quality Analysis (NQA ) function.
NQA measures the performance of each protocol that runs in the network and helps the
network operator collect network running indexes, such as total delay of HTTP, delay of a
TCP connection, delay of DNS resolution, rate of file transfer, delay of an FTP connection,
and rate of wrong DNS resolution. By controlling these indexes, the network operator
provides users with services of various grades and charges them differently.
NQA is also an effective tool in diagnosing and locating faults in the network.
8.1.6 In-Service Debugging

The CX600 provides the port mirroring function which is used to map the specified traffic to
a monitored port so that the maintenance personnel can debug and analyze the operation
status of the network.
8.1.7 Upgrade Features

In-Service Upgrade
The router supports in-service upgrading and patching of the software. Thus, you can upgrade
only the features that require modification.
System Upgrade
The system upgrade optimizes the upgrading process. You can use one command to complete
the upgrading. Thus, you can save time. During the upgrading process, the progress is
displayed. After the upgrading is complete, you can view the results.
Rollback
During the upgrading process, if the new system software cannot start the system, you can use
the previous one that successfully started the system.
The rollback function can protect services against the failure in the system upgrading.
8.1.8 GTL
The CX600 is bearing more software features. Thus, the cost of software gradually constitutes
a larger percentage of the total cost. This mode, however, cannot cater to users and carriers in
the following aspects:
Common users want to reduce the purchase cost.
Users that need upgrade the devices want to be able to expand the capacity of devices
and choose the service features as required.

To meet different requirements, the CX600 provides flexible authorization of service features.
The CX600 provides a management platform of license authorization through the Global
Trotter License (GTL). This achieves the authorization of service features. In this mode,
Common users can purchase the service features as required. The purchase cost is thus
reduced.
Users that need upgrade the devices can expand the capacity of devices and add new
service features by applying for new licenses.
Provided with GTL, the CX600 manages the features of L3VPN, L2VPN, MVPN, GRE
tunnels, IPv6 tunnels, 1588v2,6PE (IPv4 over IPv6) tunnels, Netstream.
8.1.9 Miscellaneous Features

The CX600 provides the following additional configuration features:
Hierarchical protection for configuration commands, ensuring that the unauthorized
users can not access the router.
Online help available if you type a question mark (? ).
Various debugging information for network troubleshooting.
DosKey-like function for running a history command.
Fuzzy search for command lines. For example, you can enter the non-conflicting key
words "disp" for the display command.
8.2 Network Management System

NMS
The CX600 adopts the Huawei iManager U2000 NMS. It supports SNMP V1/V2c/V3 and the
Client/Server model. The NMS can operate on multiple operating systems such as Windows
NT/2000/XP and UNIX (SUN, HP, and IBM ). The NMS provides graphic user interfaces in
multiple languages.
The iManager U2000 NMS can be seamlessly integrated with the NMS of other Huawei fixed
network telecommunication equipment, for centralized management.
The U2000 NMS can also be integrated with other universal NMSs in the industry, such as
HP OpenView, IBM NetView, What's up Gold, and SNMPc. This makes it possible to perform
the unified management on the devices of multiple vendors. The U2000 NMS provides the
follow management functions:
Real-time management on the topology.
Fault.
Performance.
Configuration tool.
Equipment log.
Security and users
QoS policy
VPN service

In addition, it can be used to download, save, modify, and upload configuration files, as well
as upgrade the system software.
LLDP
At present, the Ethernet technology is extensively used in the Local Area Network (LAN )
and Metropolitan Area Network (MAN ). With the increasing demand for large-scale
networks, the network management capabilities of Ethernet are in great demand. For example,
the network management of Ethernet should address issues such as automatically obtaining
topology of interconnected devices and conflicts in configurations on different devices.
Recently, the Network Management System (NMS ) software adopts the function of
automated discovery to trace changes in topology. Most NMS software, however, can at best
analyze the network layer topology and group devices to different IP subnets. The NMS
provides data only about adding or deleting devices. The NMS cannot obtain information
about the interfaces on a device, which are used to connect another device. That is, the NMS
cannot locate a device or determine its operation mode.
The Layer 2 Discovery (L2D ) protocol can discover precise information about the interfaces
situated on the devices and the interfaces that are used to connect other devices. The L2D
protocol also displays the paths between the client, switch, router, application server, and
network server. The preceding detailed information helps locate a network fault.
The Link Layer Discovery Protocol (LLDP ) is an L2D protocol defined in IEEE 802.1ab.
LLDP specifies that the status information is stored on all the interfaces and the device can
send its status to the neighbor stations. The interfaces can also send information about
changes in the status to the neighbor stations as required. The neighbor stations then store the
received information in the standard Management Information Base (MIB ) of the Simple
Network Management Protocol (SNMP ). The NMS can search for the Layer 2 information in
the MIB. As specified in IEEE 802.1ab, the NMS can also find the unreasonable Layer 2
configurations based on the information provided by LLDP.
When LLDP runs on the devices, the NMS can obtain the Layer 2 information about all the
devices it connects and the detailed network topology information. This expands the scope of
network management. LLDP also helps find unreasonable configurations on the network and
reports the configurations to the NMS. This removes error configurations timely.

9 Technical Specification
About This Chapter

9.1 Physical Specifications
9.2 System Configuration
9.3 Specifications of Service Performance
9.4 System Features
9.1 Physical Specifications

9.1.1 CX600-X16
9.1.2 CX600-X8
9.1.3 CX600-X3
9.1.4 CX600-16
9.1.5 CX600-8
9.1.1 CX600-X16
Table 9-1 Physical specifications of CX600-X16
Item Description
Dimensions (width * depth * 442 mm * 650 mm * 1420 mm
height)
Installation Mounted in a 19-inch standard cabinet or an N68E
cabinet
Weight 238 kg (in full configuration)
Maximum power 5360W
Heat dissipation 17390 BTU/hour

Item Description
DC input Rated voltage –48 V
voltage
Maximum –72 V to –38 V
voltage range
AC input Rated voltage 110 V or 220 V
voltage
Maximum 90 V to 280 V
voltage range
Environmental Long-term 0°C to 45°C
temperature
Short-term –5°C to 55°C
Remark Restriction on the temperature variation rate: 30°C
per hour
Storage temperature –40°C to 70°C
Relative Long-term 5% to 85% RH, non-condensing
environmental
humidity Short-term 5% to 95% RH, non-condensing
Relative storage humidity 0% to 95% RH, non-condensing

Altitude for permanent work Within 3000 meters
Storage altitude Within 5000 meters
9.1.2 CX600-X8
Item Description
External dimensions (width * depth 442 mm * 650 mm * 620 mm
* height )
cabinet
Maximum power consumption 2800 W
Heat dissipation 9084BTU/hour
voltage
voltage range
AC input Rated voltage 110V/220 V
voltage
voltage range

Item Description
temperature
per hour
environmental

9.1.3 CX600-X3
Item Description
External dimensions (width * depth DC chassis: 442 mm * 650 mm * 175 mm (4 U
* height ) high )
AC chassis: 442 mm * 650 mm * 220 mm (5 U
high )
cabinet
Weight In full configuration:
DC chassis: 36 kg
AC chassis: 41 kg
voltage
voltage range
voltage
voltage range
temperature

Item Description
per hour
environmental

9.1.4 CX600-16
Table 9-4 Physical specifications of CX600-16
Item Description
Dimensions (width * depth * 442 mm * 669 mm * 1600 mm (36 U)
height)
cabinet
Maximum power 6000 W
voltage
voltage range
voltage
voltage range
temperature
per hour
environmental

Item Description
9.1.5 CX600-8
Table 9-5 Physical specifications of CX600-8
Item Description
External dimensions (width * depth 442 mm * 669 mm * 886 mm (20 U )
* height )
cabinet
Weight In full configuration:
147 kg
voltage
voltage range
voltage
voltage range
temperature
per hour
environmental


9.2 System Configuration

9.2.1 CX600-X16
9.2.2 CX600-X8
9.2.3 CX600-X3
9.2.4 CX600-16
9.2.5 CX600-8
9.2.1 CX600-X16
Table 9-6 System configuration list of CX600-X16
Item Description Remark
Processing unit Main frequency: 1.5 GHz –
BootROM 8 MB –
SDRAM 2 GB It can be extended to 4 GB
NVRAM 4 MB It can be extended to 8 MB
Flash 32 MB It can be extended to 64 MB
CF card 1 GB Two CF cards, Each CF card is
1GB
Switching capacity 2.56 Tbit/s (bidirectional) 1:2 acceleration ratio
Backplane capacity 30 Tbit/s (bidirectional) –
Interface capacity 1.28 Tbit/s (bidirectional) –
Number of LPU slots 16 LPU (optional)
Processing rate of the 16 Kbit/s Bidirectional: sending packets to
LPU the MPU and receiving packets
from the MPU
Number of MPU slots 2 MPU
Processing rate of the 32 Kbit/s Bidirectional: sending packets to
MPU the LPU and receiving packets
from the LPU
Number of SFU slots 4 SFU
Maximum port rate 40 Gbit/s It can be extended to 100 Gbit/s.
supported by LPUs

9.2.2 CX600-X8
Item Typical Remarks

Configuration
Processing unit Main frequency: 1.5 –
GHz
BootROM 8 MB –
NVRAM 4 MB –
Flash 32 MB –
CF card 1 GB Two CF cards, Each CF card is 1GB
Switching capacity 1.28 T -.
Backplane capacity 15 T (bidirectional ) -
Interface capacity 640 G (bidirectional ) -
Number of LPU slots 8 The slots are for LPUs (optional ).
Processing rate of the 16 Kbit/s Bidirectional: sending packets to the
LPU SRU and delivering the packets by
the SRU.
Number of SRU slots 2 -
Transmitting rate of the 32Kbit/s Bidirectional: receiving and
SRU/MPU sending.
Number of SFU slots 1 -
9.2.3 CX600-X3

Configuration
Processing unit Main frequency: 1 –
GHz
BootROM 1 MB –
SDRAM 2 GB –
NVRAM 512 KB –
Flash 32 MB –


Configuration
CF card 512 MB Two CF cards, Each CF card is 512 MB

Switching capacity 1.08 Tbit/s -
Backplane capacity 1.35 Tbit/s -
(bidirectional )
Interface capacity 240 Gbit/s -
(bidirectional )
LPU MPU and delivering the packets by the
MPU.
Number of MPU slots 2 -
Processing rate of the 32 Kbit/s Bidirectional: receiving and sending.
MPU
9.2.4 CX600-16
Table 9-9 System configuration list of CX600-16
Processing unit Main frequency: 1 GHz –
BootROM 1 MB -
NVRAM 512 KB It can be extended to 8 MB
Flash 32 MB It can be extended to 64 MB
Switching 2.56 T bit/s 2:1 acceleration ratio
capacity (bidirectional)
Backplane 4 Tbit/s (bidirectional) –
capacity
Interface capacity 1.28 Tbit/s (bidirectional) –
Number of LPU 16 LPU (optional)
slots
Processing rate of 16 Kbit/s Bidirectional: sending packets to the
the LPU MPU and receiving packets from the
MPU


Number of MPU 2 MPU
slots
Processing rate of 32 Kbit/s Bidirectional: sending packets to the LPU
the MPU and receiving packets from the LPU
Number of SFU 4 SFU
slots
Maximum port 10 Gbit/s It can be extended to 40 Gbit/s.
rate supported by
LPUs
9.2.5 CX600-8
Table 9-10 System configuration list of CX600-8

Configuration
Processing unit Main frequency: 1 –
GHz
BootROM 1 MB –
SDRAM 2 GB –
NVRAM 512 KB –
Flash 32 MB –
Switching capacity 640 Gbit/s The switching capacity of the CX600-8
can be expanded to 1.28 T.
Backplane capacity 2 Tbit/s -
(bidirectional )
Interface capacity 320 Gbit/s -
(bidirectional )
LPU SRU and delivering the packets by the
SRU.
Number of SRU slots 2 -
Transmitting rate of the 32 Kbit/s Bidirectional: receiving and sending.
SRU
Number of SFU slots 2 -


Configuration
MAX processing rate of 10Gbit/s -
interface on the LPU
9.3 Specifications of Service Performance

Table 9-11 Service performance specifications
Attribute Service Feature Technical and Performance
Specifications
IP unicast IPv4/IPv6 forwarding Line-rate forwarding of IPv4/IPv6
packets on high-speed interfaces
Routing entries 6M
12M
IPv4 FIB 1M
Routing convergence speed 10K routing entries/s
Number of IPv6 over IPv4 8000
tunnels
Number of 6PEs >1000
MPLS Label layers 4
Number of LSPs 100 K
Number of LDP neighbors >1 K
MPLS FRR switching time <50 ms
Layer 2 MAC table (dynamic and static ) 256 K
features
L2VPN VLL entries 64 K
Number of VPLS VSIs 8K
Number of VRF 4K
QoS Number of traffic classification 16 K/slot
rules
Number of ACLs 16 K/slot
CAR granularity 64 Kbit/s
Number of queues 256 K (bidirectional )/LPU
Levels of HQoS scheduling 5 levels

Attribute Service Feature Technical and Performance

Specifications
Packet buffer time 200 ms

Multicast Number of multicast routes 16 K
Number of multicast static 256
routes
Number of multicast forwarding 16 K
table entries
9.4 System Features

Table 9-12 System features
Feature Description
Interworking LAN protocols Ethernet_II
IEEE802.1Q
IEEE802.1p
Link layer PPP or MP
protocols HDLC
ATM
IP over ATM
RRPP
FR
POS over FR
Ethernet Basic VLAN features
switching VLAN aggregation
VLAN trunk
Dynamic learning between VLAN members
VLANIF interface
Inter-VLAN routing
VLAN translation
VLAN Mapping
STP/RSTP/MSTP
QinQ
VLAN Stacking

Feature Description
Network IPv4 Static routes
protocol Dynamic unicast routing protocols:
RIP-1/RIP-2
OSPF
IS-IS
BGP
Multicast protocols:
IGMP
IGMP Snooping
PIM-DM
PIM-SM
PIM-SSM
MBGP
MSDP
Multicast VLAN
Multicast VPN
Multicast flow control
Multicast CAC
Routing policies
IPv6 IPv4-to-IPv6 transition technologies:
Manually configured tunnel
GRE
Automatic tunnel
6to4 tunnel
6PE
IPv4 over IPv6 tunnel
IPv6 static unicast routes
IPv6 dynamic unicast routing
BGP4+
RIPng
OSPFv3
IS-ISv6
IPv6 Multicast protocols:
MLD
PIM-IPv6-DM
PIM-IPv6-SM
PIM-IPv6-SSM

Feature Description
MPLS MPLS basic MPLS forwarding
functions MPLS LDP
MPLS TE
DS-TE
MPLS QoS
MPLS Uniform, Pipe, and Short Pipe
MPLS OAM
IPTN
VPN L2VPN VLL/PWE3 in Martini or Kompella mode
VPLS
QinQ
H-VPLS
ATM IWF
L3VPN
L3VPN BGP/MPLS L3VPN (as the PE router or the P
router )
HoVPN
Multicast VPN
Inter-VPN
Carrier's carrier
RRVPN
Multi-role host
IPv6 L3VPN IPv6 BGP/MPLS L3VPN (as the PE router or the P
router )
Inter-VPN
Carrier's carrier
User Access user MSE
management management AAA
Domain
RADIUS
HWTACACS
ANCP

Feature Description
Security AAA CHAP
PAP
RADIUS
HWTACACS
ANCP
Load balancing Equal-cost load balancing
Unequal-cost load balancing
Other security SSH
features Local mirroring
Remote mirroring
Port traffic sampling
Traffic control on the LPU and the
URPF
Layer 2 limit
ARP anti-attack
Attack defense
Defense against TCP/IP packet attack
Attack source tracing
Local URPF
GTSM
Lawful interception
Hierarchical commands to defend against unauthorized users' login
Reliability Hot backup 1:1 backup of SRU/MPU
3+1 load balancing and backup of SFUs
1+1 backup of power modules
1+1 backup of the system management bus and data
bus
GR Protocol-level GR: IS-ISv4, OSPF, BGP4, LDP, and
VPN
System-level GR

Feature Description
Others IP FRR
LDP FRR
TE FRR
VLL FRR
VPNv4/v6 FRR
IP and VPN hybrid FRR
IPv4/IPv6 VRRP
BFD
Dampening control to support Up/Down of interfaces
Transmission alarm customization and suppression
QoS Traffic Simple traffic classification

classification Complex traffic classification: based-on port; based
on Layer 2, Layer 3, or Layer 4 packets
Traffic Traffic policing and traffic shaping based on srTCM
policing and or trTCM
shaping DiffServ EF and AF services
GTS
Congestion PQ/WFQ
management
Congestion WRED
avoidance
Policy-based Route redirection, MPLS LSP explicit route
routing distribution
QPPB IP precedence
Specific traffic behavior

Feature Description
BGP BGP identifies and classifies the routes through BGP
accounting traffic index to account the traffic on the basis of
classification
VPN QoS QoS that transmits the private network routes through
BGP is an extension of QPPB in the L3VPN
Supports traffic classification, traffic shaping, and
queue scheduling in the L2VPN and L3VPN
Supports the combination between VPN QoS and
MPLS DiffServ/MPLS TE/MPLS DS-TE
QinQ QoS 802.1p re-mark function supported by QinQ
802.1p and DSCP re-mark function during QinQ
termination
802.1p and EXP re-mark function during QinQ
termination
ATM QoS Simple traffic classification and forcible traffic

classification
HQoS Two-level scheduling mode
Level 1 scheduling ensures bandwidth for each user
and level 2 scheduling ensures bandwidth for services
of each user
L2VPN HQoS
L3VPN HQoS
TE and DS-TE HqoS
HQoS for users

Feature Description
Configuration Command line Local configuration through the console port
management interface Local or remote configuration through the AUX port
Local or remote configuration through Telnet
Local or remote configuration through SSH
Hierarchical commands to defend against
unauthorized users' login
Detailed debugging information for network faults
diagnosis
Network test tools such as tracert and ping
Supports the login to and management of other
routers through Telnet
FTP server and client functions to upload and
download configuration files and applications
TFTP client functions to upload and download
configuration files and applications
Upload and download configuration files and
applications through the XModem protocol
System logs
Virtual file system
Time service Time Zone
Summer Time
NTP server and NTP client
In-service In-service upload
upgrade In-service upgrade
In-service patching
ISSU
Information Provides three types of information: alarm, log, and
center debugging
Provides eight levels of information: emergency,
alert, critical, error, warning, notification,
informational, and debugging
Information can be output to the log host or user
terminal; log information and alarm information can
be output through the SNMP Agent or the buffer
Network Supports SNMP v1/v2c/v3
management RMON
NetStream
Traffic statistics

10 Compliant Standards
About This Chapter

10.1 Standards and Telecom Protocols
10.2 Electromagnetic Compatibility Standards
10.3 Safty Standards
10.4 Environmental Standards
10.5 Other Standards
10.1 Standards and Telecom Protocols

AAA
RFC 2903 Generic AAA Architecture
RFC 2904 AAA Authorization Framework
RFC 2906 AAA Authorization Requirements
ANCP
draft-ietf-ancp-framework-07 Framework and Requirements for an Access
Node Control Mechanism in Broadband
Multi-Service Networks
draft-ietf-ancp-protocol-04 Protocol for Access Node Control Mechanism in
Broadband Networks
ARP
RFC 1027 Using ARP to implement transparent subnet
gateways
ATM
RFC 1483 Multiprotocol Encapsulation over ATM
Adaptation Layer 5

RFC 1577 Classical IP and ARP over ATM

RFC 2225 Classical IP and ARP over ATM
RFC 2226 IP Broadcast over ATM Networks
RFC 2364 PPP Over AAL5
RFC 2684 Multiprotocol Encapsulation over ATM
Adaptation Layer 5
af-uni-0010.000 ATM User-Network Interface Specification V2.0
af-uni-0010.001 ATM User-Network Interface Specification V3.0
ATM User-Network Interface Specification V3.1
af-phy-0086.001 Inverse Multiplexing for ATM (IMA)
Specification Version 1.1
BFD
draft-ietf-bfd-base-05 Bidirectional Forwarding Detection
draft-ietf-bfd-v4v6-1hop-05 BFD for IPv4 and IPv6 (Single Hop)
draft-ietf-bfd-multihop-06 BFD for Multihop Paths
draft-ietf-bfd-mpls-02 BFD For MPLS LSPs
BGP
RFC 1105 Border Gateway Protocol BGP
RFC 1163 A Border Gateway Protocol (BGP)
RFC 1164 Application of the Border Gateway Protocol in
the Internet
RFC 1265 BGP Protocol Analysis
RFC 1266 Experience with the BGP Protocol
RFC 1267 A Border Gateway Protocol 3 (BGP-3)
the Internet
RFC 1269 Definitions of Managed Objects for the Border
Gateway Protocol:Version 3
RFC 1321 The MD5 Message-Digest Algorithm
RFC 1397 Default Route Advertisement in BGP2 and BGP3
Version of the Border Gateway Protocol
RFC 1403 BGP OSPF Interaction
RFC 1654 A Border Gateway Protocol 4 (BGP-4).
the Internet

RFC 1656 BGP-4 Protocol Document Roadmap and

Implementation Experience
RFC 1657 basic BGP4 MIB
RFC 1771 (BGP-4)
RFC 1772 BGP basic functions support
RFC 1773 obsoletes RFC 1656
RFC 1774 BGP-4 Protocol Analysis
RFC1930 Guidelines for creation, selection, and registration
of an Autonomous System (AS)
RFC 1965 Autonomous System Confederations for BGP
RFC 1966 BGP Route-Reflection
RFC 1997 BGP Community Attribute
RFC 1998 An Application of the BGP Community Attribute
RFC 2270 Using a Dedicated AS for Sites Homed to a
Single Provider
RFC 2283 Multiprotocol Extensions for BGP-4
RFC 2385 TCP MD5
RFC 2439 BGP Route Flap Damping
RFC 2519 A Framework for Inter-Domain Route
Aggregation
RFC 2545 BGP suppor IPV6
RFC 2547 BGP/MPLS VPNs
RFC 2796 BGP Route Reflection
RFC 2842 Capabilities Advertisement with BGP-4
RFC 2918 Route Refresh Capability for BGP-4
RFC 3065 Autonomous System Confederations for BGP
RFC 3392 Support BGP capabilities advertisement
RFC 3562 Key Management Considerations for the TCP
MD5 Signature Option
RFC 4271 A Border Gateway Protocol 4 (BGP-4)
RFC 4272 BGP Security Vulnerabilities Analysis
RFC 4273 Definitions of Managed Objects for the Fourth
Version of Border Gateway Protocol (BGP-4)

RFC 4274 BGP-4 Protocol Analysis

RFC 4275 BGP-4 MIB Implementation Survey
RFC 4276 BGP 4 Implementation Report
RFC 4277 Experience with the BGP-4 Protocol
RFC 4360 BGP Extended Communities Attribute
RFC 4364 BGP/MPLS IP Virtual Private Networks
RFC 4382 MPLS/BGP Layer 3 Virtual Private Network
(VPN) Management information Base
RFC 4456 BGP Route Reflection: An Alternative to Full
Mesh Internal BGP (IBGP)
RFC 4486 Subcodes for BGP Cease Notification Message
RFC 4724 Graceful Restart Mechanism for BGP
RFC 4781 Graceful Restart Mechanism for BGP with MPLS
RFC 4798 Connecting IPv6 Islands over IPv4 MPLS using
IPv6 Provider Edge Routers (6PE)
Clock
IEEE1588 Standard for a Precision Clock Synchronization
Protocol for Networked Measurement and
Control Systems
ITU-T G.813 Timing characteristics of SDH equipment slave
clocks (SEC)
Ethernet
RFC 0826 Ethernet Address Resolution Protocol: Or
converting network protocol addresses to 48.bit
Ethernet address for transmission on Ethernet
hardware (ARP)
RFC 1042 A Standard for the Transmission of IP Datagrams
over IEEE 802 Networks
IEEE802.1q IEEE Standard for Local and Metropolitan Area
Networks: Virtual Bridged Local Area Networks
IEEE802.1t 802.1D Maintenance
IEEE802.1w Rapid Reconvergence of Spanning Tree (RSTP)
IEEE802.1ah Provider Backbone Bridges
IEEE802.1ap Management Information Base (MIB) definitions
for VLAN Bridges
IEEE802.17 Resilient Packet Ring

IEEE802.2 IEEE Standards for Local Area Networks:

Logical Link Control (LLC)
IEEE802.3 IEEE Standards for Local Area Networks: Carrier
Sense Multiple Access with Collision Detection
(CSMA/CD) Access, Method and Physical Layer
Specifications
IEEE802.3ad Port Trunk, LACP
IEEE802.3ae 10 Gbit/s Ethernet Standard
IEEE802.3af Link Aggregation Control Protocol
IEEE802.1ag Connectivity Fault Management
IEEE802.3ah Ethernet First Mile
IEEE802.3z Gigabit fiber
Frame Relay
RFC 1315 Management Information Base for Frame Relay
DTEs
RFC 1490 Multiprotocol Interconnect over Frame Relay
RFC 1604 Definitions of Managed Objects for Frame Relay
Service
RFC 2427 Multiprotocol Interconnect over Frame Relay
Recommendation Q.933 Annex A Additional procedures for Permanent Virtual
Connection (PVC) status
ANSI T1.617 Annex D -
FRF.1.1 User-to-Network Implementation Agreement
(UNI)
FRF.1.2 PVC User-to-Network Interface (UNI)
Implementation Agreement
FRF.2.1 Frame-Relay Network-to-Network Interface
FRF.12 Frame Relay Fragmentation Implementation
Agreement
FRF.15 End-to-End Multilink Frame Relay
FRF.16.1 Multilink Frame Relay UNI/NNI Implementation
Agreement
FTP
RFC 0959 File Transfer Protocol (FTP)
IPv6

RFC 1886 DNS Extensions to Support IP version 6

RFC 1887 An Architecture for IPv6 Unicast Address
Allocation
RFC 1970 Neighbor Discovery for IP Version 6 (IPv6)
RFC 2023 IP Version 6 over PPP
RFC 2373 IP Version 6 Addressing Architecture
RFC 2374 An IPv6 Aggregatable Global Unicast Address
Format
RFC 2375 IPv6 Multicast Address Assignments
RFC 2452 MIB for TCP6
RFC 2454 MIB for UDP6
RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
RFC 2461 Neighbor Discovery for IP Version 6 (IPv6)
RFC 2462 IPv6 Stateless Address Auto configuration
RFC 2463 Internet Control Message Protocol (ICMPv6) for
the Internet Protocol Version 6
(IPv6)Specification
RFC 2464 Transmission of IPv6 Packets over Ethernet
Networks
RFC 2470 Transmission of IPv6 Packets over Token Ring
Networks
RFC 2472 IP Version 6 over PPP
RFC 2473 Generic Packet Tunneling in IPv6 Specification
RFC 2452 MIB for TCP6
RFC 2454 MIB for UDP6
RFC 2529 Transmission of Ipv6 over Ipv4 Domains without
Explicit Tunnels
RFC 2893 Transition Mechanisms for Ipv6 Hosts and
Routers
RFC 3056 Connection of Ipv6 Domains via Ipv4 Clouds
RFC 3363 Representing Internet Protocol version 6 (Ipv6)
Addresses in the Domain Name System (DNS).
RFC 3493 Basic Socket Interface Extensions for IPv6
RFC 3513 IP Version 6 Addressing Architecture
RFC 3542 Advanced Sockets API for Ipv6
RFC 3587 An Aggregatable Global Unicast Address Format

RFC 3775 Mobility Support in IPv6

ISIS
RFC 1142 OSI IS-IS Intra-domain Routing Protocol
ISO10598 IS-IS intra-domain routing protocol
RFC 1195 Use of OSI Is-Is for Routing in TCP/IP and Dual
Environments
RFC 2104 HMAC: Keyed-Hashing for Message
Authentication
RFC 2763 Dynamic Name-to-systemID mapping support
RFC 2966 route leak support
RFC 2973 Support IS-IS Mesh Groups
RFC 3277 IS-IS Transient Blackhole Avoidance
RFC 3359 Reserved Type, Length and Value (TLV)
Codepoints in Intermediate System to
Intermediate System
RFC 3373 Three-Way Handshake for Intermediate System
to Intermediate System (IS-IS) Point-to-Point
Adjacencies
RFC 3567 Intermediate System to Intermediate System
(IS-IS) Cryptographic Authentication
RFC 3719 Recommendations for Interoperable Networks
using IS-IS
RFC 3784 ISIS TE support
RFC 3786 Extending the Number of IS-IS LSP Fragments
Beyond the 256 Limit
RFC 3787 Recommendations for Interoperable IP Networks
using IS-IS
RFC 3847 Restart signaling for IS-IS
RFC 4444 Management Information Base for Intermediate
System to Intermediate System (IS-IS)
ISO10589 IS-IS intra-domain routing protocol
L2 protocol
RFC 1216 Gigabit network economics and paradigm shifts
RFC 1619 PPP over SONET/SDH prior to insertion into
SPE
RFC 1717 The PPP Multilink Protocol (MP)

RFC 2115 Management Information Base for Frame Relay

DTEs Using SMIv2
RFC 2285 Benchmarking Terminology for LAN Switching
Devices
RFC 2320 IP and ARP over ATM (IPOA) MIB
RFC 2665 Definitions of Managed Objects for the
Ethernet-like Interface Types
RFC 2674 Definitions of Managed Objects for Bridges with
Traffic Classes, Multicast Filtering and Virtual
LAN Extensions
RFC 2863 The Interfaces Group MIB
RFC 3020 MIB for FRF.16 UNI/NNI MFR
RFC 3201 Circuit to Interface MIB
RFC 3606 Supplemental ATM Managed Objects
Ethernet-like Interface Types
RFC 4087 IP Tunnel MIB
ITU-T G.703 Physical/electrical characteristics of hierarchical
digital interfaces
ITU-T G.704 Synchronous frame structures used at 1544,
6312,2048, 8448 and 44 736 kbit/s hierarchical
levels.
ITU-T G.707 Network node interface for the synchronous
digital hierarchy (SDH)
ITU-T G.825 The control of jitter and wander within digital
networks which are based on the synchronous
digital hierarchy (SDH).
networks which are based on the 2048 kbit/s
hierarchy.
networks which are based on the 1544 kbit/s
hierarchy.
ANSI T1.105 Synchronous Optical Network(SONET) Basic
Description Including Multiplex Structures,
Rates,
and Formats
ANSI T1.105.02 Synchronous Optical Network(SONET) Payload
Mappings
L3 protocol

RFC 2544 Benchmarking Methodology for Network

Interconnect Devices
RFC 2668 Definitions of Managed Objects for IEEE 802.3
Medium Attachment Units (MAUs).
MPLS
RFC 2205 Resource ReSerVation Protocol (RSVP) -
Version 1 Functional Specification
RFC 2209 Resource ReSerVation Protocol (RSVP) --
Version 1 Message Processing Rules
RFC 2210 The Use of RSVP with IETF Integrated Services
RFC 2702 Requirements for Traffic Engineering Over
MPLS
RFC 2747 RSVP Cryptographic Authentication
RFC 2961 RSVP Refresh Overhead Reduction Extensions
RFC3031 Multiprotocol Label Switching Architecture
RFC 3032 MPLS Label Stack Encoding
RFC 3034 Use of Label Switching on Frame Relay
Networks Specification
RFC 3035 MPLS using LDP and ATM VC Switching
RFC 3036 LDP Specification
RFC 3037 LDP Applicability
RFC 3038 VCID Notification over ATM link for LDP
RFC 3063 MPLS Loop Prevention Mechanism
RFC 3107 Support BGP carry Label for MPLS
RFC 3209 RSVP-TE Extensions to RSVP for LSP Tunnels
RFC 3210 Applicability Statement for Extensions to RSVP
for LSP-Tunnels
RFC 3212 Constraint-Based LSP setup using LDP
(CR-LDP)
RFC 3214 LSP Modification Using CR-LDP
RFC 3215 LDP State Machine
RFC 3270 Multi-Protocol Label Switching (MPLS) Support
of Differentiated Services
RFC 3272 Overview and Principles of Internet Traffic
Engineering

RFC 3443 Time To Live (TTL) Processing in Multi-Protocol

Label Switching (MPLS) Networks
RFC 3469 Framework for Multi-Protocol Label Switching
(MPLS)-based Recovery
RFC 3478 Graceful Restart Mechanism for LDP
RFC 3479 Fault Tolerance for the Label Distribution
Protocol (LDP)
RFC 3612 Applicability Statement for Restart Mechanisms
for the Label Distribution Protocol (LDP)
RFC4023 Encapsulating MPLS in IP or Generic Routing
Encapsulation (GRE) 2005-12-07
RFC 4090 Fast Reroute Extensions to RSVP-TE for LSP
Tunnels
RFC 4124 Protocol Extensions for Support of DS-TE
RFC 4125 Maximum Allocation Bandwidth Constraints
Model for Diffserv-aware MPLS Traffic
Engineering
RFC 4126 Max Allocation with Reservation Bandwidth
Constraints Model for Diffserv-aware MPLS
Traffic Engineering & Performance Comparisons
RFC 4127 Generalized MPLS Signaling - RSVP-TE
Extensions
RFC 4182 Removing a Restriction on the use of MPLS
Explicit NULL
RFC 4197 Requirements for Edge-to-Edge Emulation of
Time Division Multiplexed (TDM) Circuits over
Packet Switching Networks
RFC 4221 Multiprotocol Label Switching (MPLS)
Management Overview
RFC 4377 Operations and Management (OAM)
Requirements for MPLS
RFC 4378 A Framework for Multi-Protocol Label Switching
(MPLS) Operations and Management (OAM).
RFC 4379 Detecting Multi-Protocol Label Switched (MPLS)
Data Plane Failures
RFC 4446 IANA Allocations for Pseudowire Edge to Edge
Emulation (PWE3)
RFC 4447 Pseudowire Setup and Maintenance Using the
Label Distribution Protocol (LDP)
RFC 4448 Encapsulation Methods for Transport of Ethernet
over MPLS Networks

RFC 4558 Node-ID Based Resource Reservation Protocol

(RSVP) Hello
RFC 4874 Exclude Routes - Extension to RSVP-TE
RFC 4905 Encapsulation Methods for Transport of Layer 2
Frames Over MPLS Networks
RFC 4906 Transport of Layer 2 Frames Over MPLS
draft-ietf-mpls-lsp-ping-version-09 Detecting Multi-Protocol Label Switched (MPLS)
Data Plane Failures
draft-ietf-ccamp-inter-domain-framew Mechanisms for Inter-AS or Inter-Domain Traffic
ork-04 Engineering
draft-minei-diffserv-te-multi-class-02 Extensions for Differentiated Services-aware
Traffic Engineered LSPs
ITU-T Y.1710 Requirements for OAM functionality for MPLS
networks
ITU-T Y.1711 Operation and maintenance mechanism for MPLS
networks
ITU-T Y.1720 Protection switching for MPLS networks
MSE
RFC2748 Common Open Policy Service
MSTP
IEEE802.1s Multiple Spanning Trees
IEEE802.1ad Virtual Bridged Local Area Networks -
Amendment 4: Provider Bridges,QinQ
Multicast
RFC 1112 Host Extensions for IP Multicasting
RFC 2236 Internet Group Management Protocol, Version 2
RFC 2362 Protocol Independent Multicast-Sparse Mode
(PIM-SM):Protocol Specification
RFC 3446 Anycast Rendevous Point (RP) mechanism using
Protocol Independent Multicast (PIM) and
Multicast Source Discovery Protocol (MSDP)
RFC 3569 An Overview of Source-Specific Multicast (SSM)
RFC 3956 Embedding the Rendezvous Point (RP) Address
in an IPv6 Multicast Address
RFC 3973 Embedding the Rendezvous Point (RP) Address
in an IPv6 Multicast Address

RFC 4541 Considerations for Internet Group Management

Protocol (IGMP)and Multicast Listener
Discovery (MLD) Snooping Switches
RFC 4601 Protocol Independent Multicast - Sparse Mode
(PIM-SM): Protocol Specification (Revised)
RFC 4604 Using Internet Group Management Protocol
Version 3 (IGMPv3) and Multicast Listener
Discovery Protocol Version 2 (MLDv2) for
Source-Specific Multicast
draft-fenner-traceroute-ipm-01 A "traceroute" facility for IP Multicast
draft-ietf-magma-snoop-12 Considerations for Internet Group Management
Protocol (IGMP)and Multicast Listener
Discovery (MLD) Snooping Switches
NTP
RFC 1305 Network Time Protocol (Version 3)
OSPF
RFC 1131 OSPF specification
RFC 1242 Benchmarking terminology for network
interconnection devices
RFC 1245 OSPF Protocol Analysis
RFC 1246 Experience with the OSPF Protocol
RFC 1247 OSPF Version 2
RFC 1248 OSPF Version 2 Management Information Base
RFC1252 OSPF Version 2 Management Information Base
RFC 1587 The OSPF NSSA Option
RFC 1765 OSPF Database Overflow
RFC 2329 OSPF Standardization Report
RFC 2370 The OSPF Opaque LSA Option
RFC 2740 OSPF for IPv6 (OSPFv3)
RFC 2844 OSPF over ATM and Proxy-PAR
RFC 3101 The OSPF NSSA Option

RFC 3137 OSPF Stub Router Advertisement

RFC 3623 OSPF Graceful Restart
RFC 3630 Traffic Engineering Extensions to OSPF
RFC 4167 Graceful OSPF Restart Implementation Report
RFC 4970 Extensions to OSPF for Advertising Optional
Router
PPP
RFC 1332 The PPP Internet Protocol Control Protocol
(IPCP)
RFC 1334 PPP Authentication Protocols
RFC 1377 The PPP OSI Network Layer Control Protocol
(OSINLCP).
RFC 1471 The Definitions of Managed Objects for the IP
Network Control Protocol of the Point-to-Point
Protocol
RFC 1473 The Definitions of Managed Objects for the IP
Network Control Protocol of the Point-to-Point
Protocol.
RFC 1570 PPP LCP Extensions
RFC 1661 The Point-to-Point Protocol (PPP)
RFC 1662 PPP in HDLC-like Framing.
RFC 1990 The PPP Multilink Protocol (MP)
RFC 1915 The PPP Connection Control Protocol
RFC 1989 PPP Link Quality Monitoring
RFC 1994 PPP Challenge Handshake Authentication
Protocol (CHAP
RFC 2364 PPP over AAL5 (PPPoA)
RFC 2509 IP Header Compression over PPP
RFC 2615 PPP over SONET/SDH
QoS
RFC 1144 Compressing TCP/IP Headers for Low-Speed
Serial Links
RFC 1349 Type of Service in the Internet Protocol Suite
RFC 2309 Recommendations on Queue Management and
Congestion Avoidance in the Internet

RFC 2386 A Framework for QoS-based Routing in the

Internet
RFC 2474 Definition of the Differentiated Services Field
(DS Field) in the IPv4 and IPv6 Headers
RFC 2475 An Architecture for Differentiated Services
RFC 2597 Assured Forwarding PHB Group
RFC 2598 An Expedited Forwarding PHB
RFC 2697 A Single Rate Three Color Marker.
RFC 2698 A Two Rate Three Color Marker
RFC 3086 Definition of Differentiated Services Per Domain
Behaviors and Rules for their Specification
RFC 3246 An Expedited Forwarding PHB (Per-Hop
Behavior)
RFC 3247 Supplemental Information for the New Definition
of the EF PHB
RFC3260 New Terminology and Clarifications for Diffserv
RFC 3290 An Informal Management Model for Diffserv
Routers
IEEE802.1p LAN Layer 2 QoS/CoS Protocol for Traffic
Prioritization
RIP
RFC 1058 Routing Information Protocol (RIP)
RFC 1389 RIP Version 2 MIB Extension
RFC 2080 RIPng support
RFC 2081 RIPng Protocol Applicability Statement
RFC 2082 RIP-2 MD5 Authentication
RFC 2091 Triggered Extensions to RIP to Support Demand
Circuits
RFC 2453 RIP Version 2
RMON
RFC 2021 Remote Network Monitoring Management
Information Base Version 2 using SMIv2
RFC 2819 Remote Network Monitoring Management
Information Base
Security

RFC 1519 Classless Inter-Domain Routing (CIDR): an

Address Assignment and Aggregation Strategy
RFC 1631 The IP Network Address Translator (NAT)
RFC 2085 HMAC-MD5 IP Authentication with Replay
Prevention
RFC 2267 Network Ingress Filtering: Defeating Denial of
Service Attacks which employ IP Source Address
Spoofing
RFC 2338 Virtual Router Redundancy Protocol
RFC 2365 Administratively Scoped IP Multicast
RFC 2787 Definitions of Managed Objects for the Virtual
Router Redundancy Protocol
RFC 2827 Network Ingress Filtering: Defeating Denial of
Service Attacks which employ IP Source Address
Spoofing.
RFC 2865 Remote Authentication Dial In User Service
(RADIUS)
RFC 2866 RADIUS Accounting
RFC 2867 RADIUS Accounting Modifications for Tunnel
Protocol Support
RFC 2868 RADIUS Attributes for Tunnel Protocol Support
RFC 2869 RADIUS Extensions
RFC 2903 Generic AAA Architecture
RFC 2904 AAA Authorization Framework
RFC 2906 AAA Authorization Requirements
RFC 3575 IANA Considerations for RADIUS (Remote
Authentication Dial In User Service)
RFC 3682 The Generalized TTL Security Mechanism
(GTSM)
RFC 3768 Virtual Router Redundancy Protocol (VRRP)
SNMP
RFC 1155 Structure and identification of management
information for TCP/IP-based internets
RFC 1157 Simple Network Management Protocol (SNMP)
RFC 1212 Concise MIB definitions
RFC 1214 Definitions of Managed Objects for Data Link
Switching using SMIv2.

RFC 1215 A Convention for Defining Traps for use with the
SNMP
RFC 1901 Introduction to Community-based SNMPv2
RFC 1902 Structure of Management Information for Version
2 of the Simple Network Management Protocol
(SNMPv2)
RFC 1903 Textual Conventions for Version 2 of the Simple
Network Management Protocol (SNMPv2)
RFC 1904 Conformance Statements for Version 2 of the
Simple Network Management Protocol
(SNMPv2)
RFC 1905 Protocol Operations for Version 2 of the Simple
RFC 1906 Transport Mappings for Version 2 of the Simple
RFC 1907 Management Information Base for Version 2 of
the Simple Network Management Protocol
(SNMPv2)
RFC 2570 Introduction to Version 3 of the Internet-standard
Network Management Framework
RFC 2571 An Architecture for Describing SNMP
Management Frameworks
RFC 2572 Message Processing and Dispatching for the
Simple Network Management Protocol (SNMP)
RFC 2573 SNMP Applications
RFC 2574 User-based Security Model (USM) for version 3
of the Simple Network Management Protocol
(SNMPv3)
RFC 2575 View-based Access Control Model (VACM) for
(SNMP)
RFC 2576 Coexistence between Version 1, Version 2, and
Version 3 of the Internet-standard Network
Management Framework
RFC 2578 Structure of Management Information Version 2
(SMIv2)
RFC 2579 Textual Conventions for SMIv2
RFC 2580 Conformance Statements for SMIv2
RFC 3410 An Architecture for Describing Simple Network
Management Protocol (SNMP) Management
Frameworks

RFC 3411 An Architecture for Describing Simple Network

Management Protocol (SNMP) Management
rameworks
RFC3412 Message Processing and Dispatching for the
Simple NetworkManagement Protocol SNMP)
RFC 3413 Simple Network Management Protocol (SNMP)
Applications
RFC 3414 User-based Security Model (USM) for version 3
of the Simple Network Management Protocol
(SNMPv3)
RFC 3415 View-based Access Control Model (VACM) for
(SNMP)
RFC 3416 Version 2 of the Protocol Operations for the
Simple Network Management Protocol (SNMP).
RFC 3418 Management Information Base (MIB) for the
Simple Network Management Protocol (SNMP).
RFC 3512 Configuring Networks and Devices with Simple
Network Management Protocol (SNMP).
SSHV2
RFC 4245 Improved Arcfour Modes for the Secure Shell
(SSH) Transport Layer Protocol
RFC 4250 Protocol Assigned Numbers
RFC4251 The Secure Shell (SSH) Protocol Architecture
RFC 4252 The Secure Shell (SSH) Authentication Protocol
RFC 4253 The Secure Shell (SSH) Transport Layer Protocol
RFC 4254 The Secure Shell (SSH) Connection Protocol
System Management
RFC0135 Conventions for using an IBM 2741 terminal as a
user console for access to network server hosts
RFC 1200 IAB official protocol standards
RFC 1350 The TFTP Protocol (Revision 2)
RFC 1493 Definitions of Managed Objects for Bridges
RFC1814 Requirements for IP Version 4 Routers
RFC 2096 IP Forwarding Table MIB
RFC2213 Integrated Services Management Information
Base using SMIv2
RFC 2233 The Interfaces Group MIB using SMIv2

RFC 2493 Textual Conventions for MIB Modules Using

Performance History Based on 15 Minute
Intervals
RFC 2737 Entity MIB (Version 2).
RFC 2925 Definitions of Managed Objects for Remote Ping,
Traceroute, and Lookup Operations.
Synchronous Optical Network/Synchronous
Digital Hierarchy (SONET/SDH) Interface Type
RFC 3636 Definitions of Managed Objects for IEEE 802.3
Medium Attachment Units (MAUs).
RFC 3737 IANA Guidelines for the Registry of Remote
Monitoring (RMON) MIB modules
RFC 3877 Alarm Management Information Base (MIB).
RFC 3954 -
TCP/IP
RFC 0768 User Datagram Protocol
RFC 0791 INTERNET PROTOCOL DARPA INTERNET
PROGRAM PROTOCOL SPECIFICATION
RFC 0792 INTERNET CONTROL MESSAGE
PROTOCOL
RFC 0793 TRANSMISSION CONTROL PROTOCOL
RFC 0813 Window and Acknowledgement Strategy in
TCP/IP
RFC 0950 Internet Standard Subnetting Procedure
RFC 1034 Domain Names - Concepts and Facilities
RFC 1035 Domain Names - Implementation and
Specification
RFC 1071 Computing the Internet Checksum
RFC 1122 Requirements for Internet Hosts --
Communication Layers
RFC 1141 Incremental Updating of the Internet Checksum
RFC 1219 On the assignment of subnet numbers.
RFC 1256 ICMP Router Discovery Messages
RFC 1323 TCP Extensions for High Performance
RFC 1533 DHCP Options and BOOTP Vendor
ExtensionsClass-identifier

RFC 1534 Interoperation Between DHCP and BOOTP

RFC1542 Clarifications and Extensions for the Bootstrap
Protocol
RFC 1624 Computation of the Internet Checksum via
Incremental Update
RFC 1878 Variable Length Subnet Table For IPv4
RFC 2131 Dynamic Host Configuration Protocol
RFC 2132 DHCP Options and BOOTP Vendor Extensions
RFC 2507 IP Header Compression
RFC 2508 Compressing IP/UDP/RTP Headers for
Low-Speed Serial Links
RFC 2581 TCP Congestion Control
RFC 2644 Changing the Default for Directed Broadcasts in
Routers
RFC 2694 DNS extensions to Network Address Translators
(DNS_ALG)
RFC 3046 DHCP Relay Agent Information Option.
RFC 3396 Encoding Long Options in the Dynamic Host
Configuration Protocol (DHCPv4)
TELNET
RFC 0854 TELNET PROTOCOL SPECIFICATION
RFC 0857 TELNET ECHO OPTION
RFC 0858 TELNET SUPPRESS GO AHEAD OPTION
RFC 1091 Telnet Terminal-Type Option
VPN
RFC 1701 Generic Routing Encapsulation (GRE)
RFC 1702 Generic Routing Encapsulation over IPv4
networks
RFC 2764 A Framework for IP Based Virtual Private
Networks
RFC 2784 Generic Routing Encapsulation (GRE)
RFC 2983 Differentiated Services and Tunnels
RFC 3916 Requirements for Pseudo-Wire Emulation
Edge-to-Edge (PWE3).
RFC 3985 Pseudo Wire Emulation Edge-to-Edge (PWE3)
Architecture

RFC 4023 Encapsulating MPLS in IP or Generic Routing

Encapsulation (GRE)
RFC 4110 A Framework for Layer 3 Provider-Provisioned
Virtual Private Networks (PPVPNs).
RFC 4385 Pseudowire Emulation Edge-to-Edge (PWE3)
Control Word for Use over an MPLS PSN
RFC 4618 Encapsulation Methods for Transport of
PPP/HDLC over MPLS Networks
RFC 4619 Encapsulation Methods for Transport of Frame
Relay over MPLS Networks
RFC 4659 BGP-MPLS VPN Extension for IPv6 VPN
RFC 4664 Framework for Layer 2 Virtual Private Networks
(L2VPNs)
RFC 4665 Service Requirements for Layer 2
Provider-Provisioned Virtual Private Networks
RFC 4717 Encapsulation Methods for Transport of
Asynchronous Transfer Mode (ATM) over MPLS
Networks
RFC 4761 Virtual Private LAN Service (VPLS) Using BGP
for Auto-Discovery and Signaling
RFC 4762 Virtual Private LAN Service (VPLS) Using Label
Distribution Protocol (LDP) Signaling
RFC 4816 Pseudowire Emulation Edge-to-Edge (PWE3)
Asynchronous Transfer Mode (ATM)
Transparent Cell Transport Service
RFC 5085 Pseudowire Virtual Circuit Connectivity
Verification (VCCV): A Control Channel for
Pseudowires
RFC 5086 Structure-Aware Time Division Multiplexed
(TDM) Circuit Emulation Service over Packet
Switched Network (CESoPSN)
RFC 5287 Control Protocol Extensions for the Setup of
Time-Division Multiplexing (TDM) Pseudowires
in MPLS Networks
draft-ietf-pwe3-hdlc-ppp-encap-mpls- Encapsulation Methods for Transport of
09 PPP/HDLC Over MPLS Networks
draft-ietf-pwe3-vccv-10 Pseudo Wire Virtual Circuit Connectivity
Verification (VCCV)
draft-raggarwa-rsvpte-pw-00 Setup and Maintenance of Pseudowires using
RSVP-TE


Verification (VCCV)
Verification (VCCV)
draft-ietf-l2vpn-vpls-bgp-06 Virtual Private LAN Service
draft-ietf-l2vpn-vpls-ldp-02 Virtual Private LAN Services over MPLS
draft-kompella-l2vpn-l2vpn-00 pseudo wires created using BGP as signalling and
auto-discovery protocol
draft-ietf-pwe3-cell-transport-04 -
draft-ietf-pwe3-hdlc-ppp-encap-mpls- -
07
draft-ietf-pwe3-vccv-07 -
draft-ietf-l2vpn-l2-framework-05 -
draft-ietf-l2vpn-vpls-bgp-05 -
draft-ietf-l2vpn-requirements-04 -
draft-ietf-l2vpn-vpls-ldp-07 -
draft-ietf-pwe3-congestion-frmwk-01 -
draft-ietf-pwe3-dynamic-ms-pw-08 -
draft-ietf-pwe3-ms-pw-arch-04 -
draft-ietf-pwe3-ms-pw-requirements-0 -
7
draft-ietf-pwe3-oam-msg-map-07 -
draft-ietf-pwe3-redundancy-00 -
draft-ietf-pwe3-redundancy-bit-00 -
draft-ietf-pwe3-segmented-pw -
draft-ietf-pwe3-vccv-bfd-02 -
10.2 Electromagnetic Compatibility Standards

CISPR22 Class A
CISPR24
EN55022 Class A
EN50024
ETSI EN 300 386 Class A
ETSI ETS 300 132

CFR 47 FCC Part 15 Class A

ICES 003 Class A
AS/NZS CISPR22 Class A
GB9254 Class A
VCCI Class A
CNS 13438 Class A
10.3 Safty Standards

IEC 60950-1
IEC/EN41003
EN 60950-1
UL 60950-1
CSA C22.2 No 60950-1
AS/NZS 60950.1
BS EN 60950-1
ITU-T K.20
GB4943
FDA rules, 21 CFR 1040.10 and 1040.11
IEC60825-1, IEC60825-2, EN60825-1, EN60825-2
GB7247
IEC GR-1089-CORE
10.4 Environmental Standards

RoHS
GR-63
GB/T13543-92
ETS 300 019-2
GB2423-89
IEC 60068-2
GB 4789
ISTA
10.5 Other Standards

ICNIRP Guideline
1999-519-EC
EN 50385
OET Bulletin 65

IEEE Std C95.1

EN 60215
ITU-T K.27
ETSI EN 300 253

11 Acronyms and Abbreviations
AAA Authentication, Authorization and Accounting

AAL5 ATM Adaptation Layer 5
AC Alternating Current
ACL Access Control List

AF Assured Forwarding
ANSI American National Standard Institute
ARP Address Resolution Protocol
ASBR Autonomous System Boundary Router

ASIC Application Specific Integrated Circuit
ATM Asynchronous Transfer Mode

AUX Auxiliary (port)
B
BE Best-Effort
BGP Border Gateway Protocol
BGP4 BGP Version 4
C
CAR Committed Access Rate

CBR Constant Bit Rate

CE Customer Edge
CHAP Challenge Handshake Authentication Protocol
CoS Class of Service

CPU Center Processing Unit
CR-LDP Constrained Route - Label Distribution Protocol
DC Direct Current
DHCP Dynamic Host Configuration Protocol
DNS Domain Name Server
DS Differentiated Services
E
EACL Enhanced Access Control List
EF Expedited Forwarding
EMC ElectroMagnetic Compatibility
FE Fast Ethernet
FEC Forwarding Equivalence Class
FIB Forward Information Base
FIFO First In First Out
FR Frame Relay
FTP File Transfer Protocol
G
GE Gigabit Ethernet
GRE Generic Routing Encapsulation

GTS Generic Traffic Shaping
H
HA High availability
HDLC High level Data Link Control
HTTP Hyper Text Transport Protocol
ICMP Internet Control Message Protocol

IDC Internet Data Center
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force

IGMP Internet Group Management Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPoA IP Over ATM
IPTN IP Telephony Network
IPv4 IP version 4
IPv6 IP version 6
IPX Internet Packet Exchange
IS-IS Intermedia System-Intermedia System;
ISP Interim inter-switch Signaling Protocol
ITU International Telecommunication Union - Telecommunication
Standardization Sector
L
L2TP Layer 2 Tunneling Protocol
LAN Local Area Network

LCD Liquid Crystal Display

LCP Link Control Protocol
LDP Label Distribution Protocol
LER Label switching Edge Router

LPU Line Processing Unit
LSP Label Switched Path
LSR Label Switch Router
M
MAC Media Access Control
MBGP Multiprotocol Border Gateway Protocol

MD5 Message Digest 5
MIB Management Information Base
MP Multilink PPP
MPLS Multi-protocol Label Switch;
MSDP Multicast Source Discovery Protocol
MSTP Multiple Spanning Tree Protocol
MTBF Mean Time Between Failures
MTTR Mean Time To Repair
MTU Maximum Transmission Unit
N
NAT Network Address Translation
NLS Network Layer Signaling
NP Network Processor
NTP Network Time Protocol
NVRAM Non-Volatile Random Access Memory
O
OSPF Open Shortest Path First

PAP Password Authentication Protocol

PE Provider Edge
PFE Packet Forwarding Engine
PIC Parallel Interference Cancellation

PIM-DM Protocol Independent Multicast-Dense Mode
PIM-SM Protocol Independent Multicast-Sparse Mode
POP Point Of Presence
POS Packet Over SDH/SONET
PPP Point-to-Point Protocol
PQ Priority Queue
PT Protocol Transfer
PVC Permanent Virtual Channel
QoS Quality of Service
R
RADIUS Remote Authentication Dial in User Service
RAM Random-Access Memory
RED Random Early Detection
RFC Requirement for Comments
RH Relative Humidity
RIP Routing Information Protocol
RMON Remote Monitoring
ROM Read Only Memory
RP Rendezvous Point
RPR Resilient Packet Ring
RSVP Resource Reservation Protocol
RSVP-TE RSVP-Traffic Engineering

S
SAP Service Advertising Protocol
SCSR Self-Contained Standing Routing
SDH Synchronous Digital Hierarchy

SDRAM Synchronous Dynamic Random Access Memory
SFU Switch Fabric Unit
SLA Service Level Agreement
SNAP SubNet Attachment Point
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network

SP Strict Priority
SPI4 SDH Physical Interface
SSH Secure Shell

STM-16 SDH Transport Module -16
SVC Switching Virtual Connection
T
TCP Transfer Control Protocol
TE Traffic Engineering
TFTP Trivial File Transfer Protocol
TM Traffic Manager
ToS Type of Service
TP Topology and Protection packet
U
UBR Unspecified Bit Rate
UDP User Datagram Protocol

UNI User Network Interface
UTP Unshielded Twisted Pair

VBR-NRT Non-Real Time Variable Bit Rate

VBR-RT Real Time Variable Bit Rate
VC Virtual Circuit
VCI Virtual Channel Identifier

VDC Variable Dispersion Compensator
VLAN Virtual Local Area Network
VLL Virtual Leased Line
VPI Virtual Path Identifier
VPLS Virtual Private LAN Service
VPN Virtual Private Network

VRP Versatile Routing Platform
VRRP Virtual Router Redundancy Protocol
W
WAN Wide Area Network
WFQ Weighted Fair Queuing
WRED Weighted Random Early Detection
WRR Weighted Round Robin

Index
Index
错误！
错误！未找到索引项。
未找到索引项。
Issue () Huawei Proprietary and Confidential 1


Manual CX600 X8

Uploaded by

Copyright:

Available Formats

You might also like

Manual CX600 X8

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Manual CX600 X8

Uploaded by

Copyright:

Available Formats

Product Description

HUAWEI CX600-X Metro Services Platform (MSP) Universal Service

HUAWEI TECHNOLOGIES CO., LTD.

Huawei Proprietary and Confidential

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Copyright © Huawei Technologies Co., Ltd.2009. All rights reserved.

Trademarks and Permissions

Huawei Proprietary and Confidential

1 Related Versions ........................................................................................................................1-1

Issue () Huawei Proprietary and Confidential i

ii Huawei Proprietary and Confidential Issue ()

5.5.1 SDH/SONET Encapsulation ................................................................................................................5-1

6 Service Features ..........................................................................................................................6-1

Issue () Huawei Proprietary and Confidential iii

6.7 QoS Features .................................................................................................................................................6-1

iv Huawei Proprietary and Confidential Issue ()

6.13.6 VRRP .................................................................................................................................................6-1

7 Application Scenarios ...............................................................................................................7-1

8 Operation and Maintenance ....................................................................................................8-1

Issue () Huawei Proprietary and Confidential v

11 Acronyms and Abbreviations..............................................................................................11-1

vi Huawei Proprietary and Confidential Issue ()

Figure 3-1 Physical architecture.........................................................................................................................3-1

Figure 3-3 Logical architecture ..........................................................................................................................3-1

Figure 3-5 Data forwarding process ...................................................................................................................3-1

Figure 4-1 Appearance and components of the CX600-X16 (Front)..................................................................4-1

Figure 4-2 Appearance and components of the CX600-X16 (Rear)...................................................................4-1

Figure 4-3 Airflow of the CX600-X16 ...............................................................................................................4-1

Figure 4-4 Power supply of the CX600-X16......................................................................................................4-1

Figure 4-5 Board cage on the CX600-X16.........................................................................................................4-1

Figure 4-6 Management bus connection ............................................................................................................4-1

Figure 4-7 Appearance and components of the CX600-X8 (Front) ...................................................................4-1

Figure 4-8 Appearance and components of the CX600-X8 (Rear).....................................................................4-1

Figure 4-9 Airflow of the CX600-X8 (left view ) ..............................................................................................4-1

Figure 4-10 Power supply of the CX600-X8......................................................................................................4-1

Figure 4-11 Board cage of the CX600-X8..........................................................................................................4-1

Figure 4-12 Appearance of the CX600-X3 (DC power modules ) .....................................................................4-1

Figure 4-13 Appearance of the CX600-X3 (AC power modules ) .....................................................................4-1

Figure 4-15 Board cage of the CX600-X3 .........................................................................................................4-1

Figure 4-16 Appearance of the CX600-16 .........................................................................................................4-1

Figure 4-18 Relationship between the power modules and slots........................................................................4-1

Figure 4-19 Appearance of the LCD ..................................................................................................................4-1

Figure 4-21 Management bus connection ..........................................................................................................4-1

Issue () Huawei Proprietary and Confidential vii

Figure 4-22 Appearance of the CX600-8 ...........................................................................................................4-1

Figure 4-23 Airflow of the CX600-8..................................................................................................................4-1

Figure 5-1 Diagram of an IP-Trunk....................................................................................................................5-1

Figure 5-2 Protocol stack of 1483B....................................................................................................................5-1

Figure 5-5 TDM service .....................................................................................................................................5-1

Figure 5-7 MC-Trunk .........................................................................................................................................5-1

Figure 6-1 Networking diagram of applying interface-based QinQ ...................................................................6-1

Figure 6-4 Networking diagram of applying multicast QinQ.............................................................................6-1

Figure 6-6 Application of tangent RRPP rings in the MAN ...............................................................................6-1

Figure 6-7 Structure of the IPv4/IPv6 dual stack ...............................................................................................6-1

Figure 6-9 Enlarging the network operation scope.............................................................................................6-1

Figure 6-10 Networking diagram of applying GRE in a CPE-based VPN.........................................................6-1

Figure 6-11 Networking diagram of applying GRE in a network-based VPN ...................................................6-1

Figure 6-15 6PE network topology ....................................................................................................................6-1