cloudengine 6800&5800 v100r002c00 product description 03

Upload: menganofulano

Post on 03-Jun-2018


  • 8/11/2019 CloudEngine 6800&5800 V100R002C00 Product Description 03

    1/57

    CloudEngine 6800&5800 Series Switches

    V100R002C00

    Product Description

    Issue 03

    Date 2013-12-01

    HUAWEI TECHNOLOGIES CO., LTD.


    Copyright Huawei Technologies Co., Ltd. 2013. All rights reserved.

    No part of this document may be reproduced or transmitted in any form or by any means without prior written

    consent of Huawei Technologies Co., Ltd.

    Trademarks and Permissions

    and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

    All other trademarks and trade names mentioned in this document are the property of their respective holders.

    Notice

    The purchased products, services and features are stipulated by the contract made between Huawei and the

    customer. All or part of the products, services and features described in this document may not be within the

    purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,

    and recommendations in this document are provided "AS IS" without warranties, guarantees or representations

    of any kind, either express or implied.

    The information in this document is subject to change without notice. Every effort has been made in the

    preparation of this document to ensure accuracy of the contents, but all statements, information, and

    recommendations in this document do not constitute a warranty of any kind, express or implied.

    Huawei Technologies Co., Ltd.

    Address: Huawei Industrial Base

    Bantian, Longgang

    Shenzhen 518129

    People's Republic of China

    Website: http://enterprise.huawei.com

    Issue 03 (2013-12-01) Huawei Proprietary and Confidential

    Copyright Huawei Technologies Co., Ltd.


    About This Document

    Intended Audience

    This document describes the positioning, characteristics, usage scenarios, functions, system

    architecture, operations and maintenance, and specifications of CloudEngine (CE) switches.

    This document helps you understand the characteristics and features of CE switches.

    This document is intended for:

    - Network planning engineers
    - Hardware installation engineers
    - Commissioning engineers
    - Data configuration engineers
    - Onsite maintenance engineers
    - Network monitoring engineers
    - System maintenance engineers

    Symbol Conventions

    The symbols that may be found in this document are defined as follows.

    Symbol Description

    Indicates an imminently hazardous situation

    which, if not avoided, will result in death or

    serious injury.

    Indicates a potentially hazardous situation

    which, if not avoided, could result in death or

    serious injury.

    Indicates a potentially hazardous situation

    which, if not avoided, may result in minor or

    moderate injury.


    Indicates a potentially hazardous situation

    which, if not avoided, could result in

    equipment damage, data loss, performance deterioration, or unanticipated results.

    NOTICE is used to address practices not

    related to personal injury.

    NOTE Calls attention to important information, best

    practices and tips.

    NOTE is used to address information not

    related to personal injury, equipment damage,

    and environment deterioration.

    Change History

    Changes between document issues are cumulative. The latest document issue contains all the

    changes made in earlier issues.

    Issue 03 (2013-12-01)

    This is the third commercial release.

    Issue 02 (2013-11-20)

    This is the second commercial release.

    Issue 01 (2013-08-01)

    Initial commercial release.


    Contents

    About This Document
    1 Product Positioning and Characteristics
    1.1 Product Positioning
    1.2 Product Characteristics
    1.2.1 High Performance and High Port Density
    1.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels
    1.2.3 Simplified Operations and Maintenance
    1.2.4 Easy-to-Deploy, Easy-to-Maintain High-Performance Stacking
    1.2.5 Abundant Data Center Service Features
    2 Typical Applications
    2.1 ToR Application
    2.2 EoR Application
    3 Structures of CE6800&5800 Series Switches
    4 Product Features
    4.1 Feature List
    4.2 Ethernet Features
    4.2.1 Link Aggregation
    4.2.2 Interface-based Flow Control
    4.2.3 Traffic Suppression
    4.2.4 VLAN
    4.2.5 QinQ
    4.3 STP/RSTP/MSTP
    4.3.1 STP and RSTP
    4.3.2 MSTP
    4.3.3 MSTP Protection
    4.4 Port Security
    4.5 Link Detection
    4.6 IP Features
    4.6.1 IPv4/IPv6 Dual-Stack
    4.6.2 IPv4
    4.6.3 IPv6


    4.7 Routing
    4.8 Multicast
    4.8.1 Layer 2 Multicast
    4.8.2 Layer 3 Multicast
    4.9 QoS
    4.9.1 Traffic Classification
    4.9.2 Access Control and Re-Marking
    4.9.3 Traffic Policing
    4.9.4 Congestion Management
    4.9.5 Congestion Avoidance
    4.9.6 Rate-limiting on an Interface
    4.9.7 Two-Rate-Three-Color
    4.10 Security
    4.10.1 Device Security
    4.10.2 Service Security
    4.11 MAC-Forced Forwarding
    4.12 DHCP
    4.13 Network Management
    4.13.1 LLDP
    4.13.2 NQA
    4.13.3 NetStream
    4.13.4 sFlow
    4.14 Smart Link and Multi-Instance
    4.15 Stacking
    4.16 Data Center Features
    4.16.1 TRILL
    4.16.2 DCB
    4.16.3 FCoE
    4.16.4 VM Detection
    4.16.5 Forwarding Based on the VEPA
    5 Operation Maintenance and Network Management
    5.1 Maintenance and Management
    5.1.1 Configuration Modes
    5.1.2 Monitoring and Maintenance
    5.1.3 Diagnosis and Debugging
    5.1.4 Software Upgrade and In-Service Patching
    5.1.5 Hardware Fault Handling
    5.2 eSight
    6 System Parameters
    6.1 Specifications


    1 Product Positioning and Characteristics

    About This Chapter

    1.1 Product Positioning

    1.2 Product Characteristics


    - CE5810-24T4S-EI: Provides twenty-four 10/100/1000BASE-T Ethernet ports and four 10G SFP+ Ethernet optical ports.
    - CE5810-48T4S-EI: Provides forty-eight 10/100/1000BASE-T Ethernet ports and four 10G SFP+ Ethernet optical ports.
    - CE5850-48T4S2Q-EI: Provides forty-eight 10/100/1000BASE-T Ethernet ports, four 10G SFP+ Ethernet optical ports, and two 40G QSFP+ Ethernet optical ports.
    - CE6850-48S4Q-EI: Provides forty-eight 10G SFP+ Ethernet optical ports and four 40G QSFP+ Ethernet optical ports.
    - CE6850-48T4Q-EI: Provides forty-eight 10GBASE-T Ethernet ports and four 40G QSFP+ Ethernet optical ports.

    CE6800&5800 switches provide high-performance 40GE ports, which can connect to high-

    density 40GE line processing units (LPUs) on CE12800 switches to construct full-40G data

    center networks.

    1.2.2 Front-to-Rear/Rear-to-Front Ventilation Channels

    CE6800&5800 switches use front-to-rear/rear-to-front ventilation channels. This design isolates

    cold air from hot air channels, improves heat dissipation efficiency, and lowers power

    consumption, without the need to reconstruct racks in the data center equipment room.

    Figure 1-2 and Figure 1-3 show the front-to-rear/rear-to-front ventilation channels on

    CE6800&5800 switches. The airflow direction in the ventilation channels can be changed by

    configuring fan modules and power modules.

    Figure 1-2 Front-to-rear ventilation channels


    Figure 1-3 Rear-to-front ventilation channels

    1.2.3 Simplified Operations and Maintenance

    CE6800&5800 switches' architecture separates the data plane from the management plane.

    - The management ports, fan modules, and power modules are at the front side of the switch for easy maintenance.
    - The data ports are at the rear side of the switch to facilitate cabling and maintenance.

    CE6800&5800 switches optimize indicators in the following aspects to facilitate easy

    maintenance of data center networks with high device densities:

    - Redundant system indicator
      CE6800&5800 switches have system indicators on both the front side (with management ports) and rear side (with data ports). These system indicators show the system status and stack status, helping administrators easily monitor the system status.
    - Easy-to-read port indicator
      Innovative 40G port indicators clearly show the running status of 40GE ports that have been converted into four 10GE ports.
    - Easy-to-maintain stack indicator
      The stack indicator shows the role and ID of the switch in a stack system, helping administrators maintain the stack system.
    - Innovative positioning indicator
      CE6800&5800 switches have a positioning indicator that allows administrators to remotely position a switch quickly. Administrators can turn on switches' positioning indicators through the network management system (NMS) or console so that they can quickly find the switches that require maintenance. Positioning indicators are blue, making them easy to find.

    1.2.4 Easy-to-Deploy, Easy-to-Maintain High-Performance Stacking

    A maximum of 16 CE6800&5800 switches can be added to a stack system. The stack system has the following advantages:

    - High performance
      A stack system provides more than 768 GE/10GE ports.
    - High bandwidth
      Stacked CE5800 switches support 80 Gbit/s stack bandwidth, and stacked CE6800 switches support 160 Gbit/s stack bandwidth, making a stacking bandwidth bottleneck unlikely to occur.
    - Fast recovery
      The ring stack topology allows for system recovery within 200 ms.
    - Easy to deploy and maintain
      The pre-deployment and offline configuration functions allow users to plan and pre-configure the system and add devices on demand. This feature offers a Pay As You Grow solution.
      Users can specify device IDs in a stack system to easily identify, locate, and maintain devices.
      Indicators clearly identify the role and status of the device in a stack system. With these indicators, users can complete basic maintenance tasks on a stack system without a PC.
    - Simple upgrade
      A stack system supports quick software upgrades and automatic software upgrades, simplifying the upgrade process and reducing workload.

    1.2.5 Abundant Data Center Service Features

    CE6800&5800 switches have a wide range of data center service features, including the

    following:

    - Fiber Channel over Ethernet (FCoE) and Data Center Bridging (DCB)
      FCoE, Data Center Bridging Exchange (DCBX) in 802.1Qaz, Priority-based Flow Control (PFC) in 802.1Qbb, and Enhanced Transmission Selection (ETS) in 802.1Qaz allow fiber channels (FCs) to run on a converged lossless Enhanced Ethernet, thereby lowering networking costs.
      FCoE and DCB can seamlessly interconnect with the existing FC infrastructure, protecting investments in the FC storage area network (FC SAN).
      NOTE: Only CE6800 supports FCoE and DCB.
    - Virtualization and virtual machine (VM) access
      Server virtualization improves data center efficiency.
      VM detection enables switches to automatically migrate network policies during VM migrations, so network sources can be allocated on demand. With the technologies that enable large Layer 2 networking, VMs can migrate freely across the entire data center network.
    - Transparent Interconnection of Lots of Links (TRILL)
      TRILL is an Internet Engineering Task Force (IETF) standard that allows for super large, flexible networking.
      TRILL implements multi-path load balancing to balance traffic among multiple paths in response to service requirements.
      TRILL can quickly detect network changes and complete network convergence within a short time.


    2 Typical Applications

    About This Chapter

    2.1 ToR Application

    2.2 EoR Application


    2.1 ToR Application

    Top of rack (ToR) is a cabling mode in a server cabinet. Switches deployed in ToR mode are

    called ToR switches. The ToR mode applies to data center networks with high server densities.

    As shown in Figure 2-1, ToR switches are deployed at the top of server cabinets. Two ToR

    switches in two adjacent server cabinets form a stack system, and servers are dual-homed to the

    two ToR switches. The access ports on the two ToR switches constitute a link aggregation group

    (LAG).

    Figure 2-1 ToR application (figure not reproduced; labels: Aggregation Switch, RACK, Switch, Server)

    ToR networking has the following advantages:

    - The stack system can eliminate bandwidth bottlenecks. In the stack system, ToR switches are stacked using 10GE/40GE ports, and all stack cables work in Active state, greatly improving stack bandwidths.
    - The access reliability of the stack system is high. Master and backup ports on servers are connected to two ToR switches simultaneously, and the access ports on the two ToR switches work in LAG mode. Therefore, the Spanning Tree Protocol (STP) is not required, and a switchover is completed within 100 ms once a fault has occurred.
    - ToR switches support 40GE uplink ports that can be used together with high-density 40GE LPUs on CE12800 switches to construct high-performance 40GE data center networks.


    2.2 EoR Application

    End of row (EoR) is a cabling mode in a server cabinet. Switches deployed in EoR mode are called EoR switches.

    The EoR mode applies to data center networks with low densities of servers. At the end of each

    row of server cabinets, there are two network cabinets where access switches are installed.

    Servers in cabinets along the row share these access switches. As shown in Figure 2-2, access

    switches in the network cabinets form a stack system and provide high access port densities.

    Figure 2-2 EoR application (figure not reproduced; labels: 40G, Switch)

    EoR networking has the following advantages:

    - High access port densities. A maximum of 16 CE6800&5800 switches can be added to a stack system and provide more than 768 GE/10GE access ports.
    - Improved user experience. CE6800&5800 switches use the same operating system as the CE12800 and support chassis architecture. After being stacked, CE6800&5800 switches can work as a chassis switch and provide the same application experience as the CE12800.
    - Super-high stack bandwidth. The EoR networking mode eliminates the stack system bottleneck to the maximum extent and improves performance of the entire system.


    3 Structures of CE6800&5800 Series Switches

    Front View

    Figure 3-1, Figure 3-2, Figure 3-3, Figure 3-4, and Figure 3-5 show front views (power supply side) of CE6800&5800 chassis.

    Figure 3-1 CE5850-48T4S2Q-EI front view (power supply side)

    Figure 3-2 CE6850-48S4Q-EI front view (power supply side)

    Figure 3-3 CE6850-48T4Q-EI front view (power supply side)

    Figure 3-4 CE5810-24T4S-EI front view (power supply side)


    Figure 3-5 CE5810-48T4S-EI front view (power supply side)

    1. Power supply slot 1
    2. Power supply slot 2
    Available power modules:
    - CE5800: 150 W AC power module, 350 W DC power module
    - CE6850-48S4Q-EI: 350 W AC power module, 350 W DC power module
    - CE6850-48T4Q-EI: 350 W AC power module, 600 W AC power module

    3. Fan slot 1
    4. Fan slot 2
    Available fans:
    - CE5810: FAN-40SB series fan modules
    - CE5850: FAN-40EA series fan modules
    - CE6850: FAN-40EA series fan modules
    NOTE: Earlier versions of the CE5850-48T4S2Q-EI use the FAN-40SA series fan modules.

    5. Console port
    NOTE: This port is used for first-time login or local device configuration.

    6. ETH management port
    NOTE: This port is used for local or remote device configuration.

    7. Bar code label
    NOTE: This label can be pulled out. Pull it outward to view the bar code and MAC address of the switch.

    8. USB port
    NOTE: This port is used for device deployment, configuration file transfer, and upgrade.

    Rear View

    Figure 3-6, Figure 3-7, Figure 3-8, Figure 3-9, and Figure 3-10 show rear views (port side) of CE6800&5800 chassis.

    Figure 3-6 CE5850-48T4S2Q-EI rear view (port side)

    Figure 3-7 CE6850-48S4Q-EI rear view (port side)


    Figure 3-8 CE6850-48T4Q-EI rear view (port side)

    Figure 3-9 CE5810-24T4S-EI rear view (port side)

    Figure 3-10 CE5810-48T4S-EI rear view (port side)

    1. Forty-eight 10/100/1000BASE-T Ethernet electrical ports

    2. Forty-eight 10GBASE-T Ethernet electrical ports
    NOTE: When a CE6850-48T4Q-EI switch uses 350 W AC power modules and all its ports are in use, the length of each network cable used on the switch cannot exceed 30 m.

    3. Forty-eight 10GE SFP+ Ethernet optical ports

    4. Four 10GE SFP+ Ethernet optical ports

    5. Two 40GE QSFP+ Ethernet optical ports
    NOTE: A 40GE QSFP+ port of a CE5850-48T4S2Q-EI switch cannot be converted into four 10GE SFP+ ports.

    6. Four 40GE QSFP+ Ethernet optical ports
    NOTE: A 40GE QSFP+ port of a CE6800 switch can be converted into four 10GE SFP+ ports.

    7. Twenty-four 10/100/1000BASE-T Ethernet electrical ports

    Side View

    Figure 3-11, Figure 3-12, Figure 3-13, and Figure 3-14 show side views of CE6800&5800 chassis.


    Figure 3-11 CE5850-48T4S2Q-EI, CE5810-24T4S-EI, and CE5810-48T4S-EI side view (left side); callouts 1, 2

    Figure 3-12 CE5850-48T4S2Q-EI, CE5810-24T4S-EI, and CE5810-48T4S-EI side view (right side); callouts 1, 2, 3

    Figure 3-13 CE6850-48T4Q-EI and CE6850-48S4Q-EI side view (left side); callouts 1, 2, 4

    Figure 3-14 CE6850-48T4Q-EI and CE6850-48S4Q-EI side view (right side); callouts 1, 2, 3, 4

    1. Three port-side mounting holes for mounting brackets
    2. Four power-supply-side mounting holes for mounting brackets
    3. Ground screw
    4. Four middle mounting holes for mounting brackets


    4 Product Features

    About This Chapter

    4.1 Feature List

    4.2 Ethernet Features

    4.3 STP/RSTP/MSTP

    4.4 Port Security

    4.5 Link Detection

    4.6 IP Features

    4.7 Routing

    4.8 Multicast

    4.9 QoS

    4.10 Security

    4.11 MAC-Forced Forwarding

    4.12 DHCP

    4.13 Network Management

    4.14 Smart Link and Multi-Instance

    4.15 Stacking

    4.16 Data Center Features


    4.1 Feature List

    Table 4-1 lists the features supported by CE6800&5800 switches.

    Table 4-1 Features supported by CE6800&5800 switches

    Feature: Ethernet

      Ethernet
        - Operating modes of full-duplex and auto-negotiation
        - Operating rates of an Ethernet interface, including 10 Mbit/s, 100 Mbit/s, 1000 Mbit/s, 10 Gbit/s, 40 Gbit/s, and auto-negotiation
          NOTE:
          - GE electrical interfaces support the operating rates of 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s.
          - 10GE electrical interfaces support the operating rates of 100 Mbit/s, 1000 Mbit/s, and 10 Gbit/s.
          - 10GE optical interfaces support the operating rates of 1000 Mbit/s and 10 Gbit/s.
          - 40GE optical interfaces support only the operating rate of 40 Gbit/s.
        - Flow control on interfaces
          NOTE: 10GE/40GE optical interfaces do not support flow control.
        - Jumbo frames
        - Link aggregation
        - Load balancing among links within a trunk
        - Interface isolation and forwarding restrictions
        - Broadcast storm suppression

      Virtual Local Area Network (VLAN)
        - Multiple interface types: access, trunk, hybrid, and 802.1Q-in-802.1Q (QinQ)
        - Multiple access modes: access, trunk, hybrid, and QinQ
        - VLAN assignment: port-based and MAC address-based VLAN assignment
        - VLAN aggregation
        - MUX VLAN

      Media Access Control (MAC)
        - Automatic learning and aging of MAC addresses
        - Static, dynamic, and blackhole MAC address entries
        - Packet filtering based on source MAC addresses
        - Interface-based MAC learning limiting


      Link Layer Discovery Protocol (LLDP)
        - Support for LLDP

      Virtual interface configuration table (VCT)
        - Support for VCT

    Feature: Ethernet loop protection

      Multiple Spanning Tree Protocol (MSTP)
        - Spanning Tree Protocol (STP)
        - Rapid Spanning Tree Protocol (RSTP)
        - MSTP
        - Bridge protocol data unit (BPDU) protection, root protection, and loop protection
        - Partitioned STP and Layer 2 protocol transparent transmission

    Feature: IP features

      Address Resolution Protocol (ARP)
        - Static and dynamic ARP entries
        - ARP in a VLAN
        - Aging of ARP entries
        - ARP and Reverse Address Resolution Protocol (RARP)
        - ARP proxy
        - Auto-detection

      IPv6
        - IPv4/IPv6 dual-stack
        - Neighbor Discovery (ND)

      Dynamic Host Configuration Protocol (DHCP)
        - DHCP server
        - DHCP relay
        - DHCP snooping


    Feature: IP forwarding

      Unicast routing
        - IPv4/IPv6 static routing
        - Routing Information Protocol version 1 (RIP-1), RIP-2, and RIPng
        - Open Shortest Path First (OSPF), including OSPFv2 and OSPFv3
        - Intermediate System to Intermediate System (IS-IS)
        - Border Gateway Protocol 4.0 (BGP4) and Border Gateway Protocol for IPv6 (BGP4+)
        - Routing protocol
        - Policy-based routing
        - Unicast Reverse Path Forwarding (URPF) check
        - Virtual Routing Forwarding (VRF)

      VPN
        - Virtual Routing Forwarding (VRF)

      Multicast routing
        - Internet Group Management Protocol Version 1/2/3 (IGMPv1/v2/v3)
        - PIM-SM (IPv4) and PIM-SM (IPv6)
        - PIM-SSM (IPv4) and PIM-SSM (IPv6)
        - MLDv1 and MLDv2
        - MLD SSM Mapping
        - Multiprotocol BGP (MBGP)
        - Multicast Source Discovery Protocol (MSDP)
        - Multicast routing policies
        - Reverse Path Forwarding (RPF)
        - Bidirectional PIM

    Feature: Device reliability

      Bidirectional Forwarding Detection (BFD)
        - Basic BFD functions
        - BFD for OSPF
        - BFD for IS-IS
        - BFD for BGP
        - BFD for PIM
        - BFD for static routing
        - BFD for VRRP

      Others
        - Virtual Router Redundancy Protocol (VRRP)
        - Device Link Detection Protocol (DLDP)
        - Smart Link


    Feature: Layer 2 multicast features

      Layer 2 multicast
        - IGMP snooping
        - IGMP proxy
        - Fast leave
        - Multicast traffic control
        - Multicast VLAN

    Feature: QoS features

      Traffic classification
        - Traffic classification based on combination of the L2 protocol header, IP 5-tuple, outbound interface, and 802.1p priority
        - Traffic classification based on the C-VID and C-PRI of QinQ packets

      Traffic behavior
        - Access control after traffic classification
        - Traffic policing based on traffic classifiers
        - Re-marking based on the traffic classification result
        - Class-based packet queuing
        - Association between traffic classifiers and traffic behaviors

      Queue scheduling
        - Priority queuing (PQ) scheduling
        - Deficit round robin (DRR) scheduling
        - PQ+DRR scheduling
        - Weighted round robin (WRR) scheduling
        - PQ+WRR scheduling

      Congestion avoidance
        - Weighted Random Early Detection (WRED)

      Rate limiting on outbound interfaces
        - Rate limiting on outbound interfaces

    Feature: Virtualization

      Many-to-one virtualization
        - Intelligent Stack (iStack)
        - Stack split and merge
        - Dual-active detection
        - Version and configuration synchronization

    Feature: Data center features

      Transparent Interconnection of Lots of Links (TRILL)
        - TRILL features
          NOTE: CE5810 does not support TRILL.


      Data Center Bridging (DCB)
        - Data Center Bridging Exchange Protocol (DCBX)
        - Priority-based Flow Control (PFC)
        - Enhanced Transmission Selection (ETS)
          NOTE: Only CE6800 supports DCB.

      Fiber channel over Ethernet (FCoE)
        - FIP Snooping Bridge (FSB)
          NOTE: Only CE6800 supports FCoE.

      Virtual awareness
        - Virtual awareness
        - Automatic policy deployment
        - Automatic policy migration

      Forwarding mode based on the Virtual Ethernet Port Aggregator (VEPA)
        - Forwarding mode based on the VEPA

    Feature: Configuration and maintenance

      Terminal service
        - Command line configuration
        - Error messages and online help in English and Chinese
        - Login through console and Telnet terminals
        - Send function and data communications between terminal users

      File system
        - Directory and file management
        - File upload and download using File Transfer Protocol (FTP) and Trivial File Transfer Protocol (TFTP)

      Debugging and maintenance
        - Unified management of logs, alarms, and debugging information
        - Electronic labels
        - User operation logs
        - Detailed debugging information for network fault diagnosis
        - Network test tools such as tracert and ping commands
        - Port mirroring and traffic mirroring

      Version upgrade
        - Device software loading and in-service software loading
        - In-service upgrade using the basic input/output system (BIOS) menu
        - In-service patching


    - Destination MAC address
    - Source and destination MAC addresses
    - Source IP address
    - Destination IP address
    - Source and destination IP addresses
    - Transport-layer source port
    - Transport-layer destination port
    - Transport-layer source and destination ports
    - User-defined load balancing modes for Layer 2 packets, IPv4 packets, and MPLS packets

    Link aggregation technology increases transmission bandwidth and improves link reliability efficiently and cost-effectively, without the need to upgrade hardware.

    4.2.2 Interface-based Flow Control

    Flow control based on interfaces is a method for congestion management. CE6800&5800 switches implement flow control on interfaces using a hardware backpressure mechanism. When an interface works in full-duplex mode, CE6800&5800 switches implement flow control on the interface in accordance with the IEEE 802.3x standard.

    When congestion occurs, CE6800&5800 switches send consecutive Pause frames to the upstream device, requesting the upstream device to stop sending data for a specified period of time. When the upstream device receives the Pause frames, it reduces the volume of traffic sent from its outbound interface. Interface-based flow control takes effect on all traffic types.

    4.2.3 Traffic Suppression

    Traffic suppression limits the number of unknown unicast packets, multicast packets, and broadcast packets to within a proper range to ensure network efficiency.

    On the CE6800&5800 series switches, you can configure traffic limits for unknown unicast packets, multicast packets, and broadcast packets. When the rate of these packets on an interface or a VLAN exceeds the limits, the switches drop excess packets to control the traffic rate within a proper range, ensuring normal operations of network services.

    The CE6800&5800 series switches can also control the percentages of unknown unicast packets, multicast packets, and broadcast packets on an interface.

    4.2.4 VLAN

    A local area network (LAN) can be divided into several logical LANs. Each logical LAN is a broadcast domain, called a virtual LAN or VLAN. To put it simply, devices on a LAN are logically grouped into different LAN segments, regardless of their physical locations. VLANs isolate broadcast domains on a LAN.

    VLAN Aggregation

    To implement communication between VLANs on CE6800&5800 switches, users can configure VLANIF interfaces and assign an IP address to each VLANIF interface. This implementation,


    - Dynamic or static MAC addresses in the DHCP snooping table
    - Dynamic MAC addresses that are learned before the number of learned MAC addresses reaches the upper limit

    When an interface receives frames with invalid source MAC addresses, CE6800&5800 switches discard the frames or generate an alarm.

    4.5 Link Detection

    CE6800&5800 switches support link detection. This link detection feature provides two means to detect link faults on LANs: loopback detection and virtual cable test (VCT).

    - Loopback detection is used to detect whether loops exist on a LAN. CE6800&5800 switches send specific packets to detect loops over the entire LAN.
    - VCT is used to estimate network cable length and locate failure points on the cable. CE6800&5800 switches simulate radar to detect cable faults and locate the failure points along a single link.

    4.6 IP Features

    NOTE

    If you need IPv6 features on CE12800 switches, buy licenses from Huawei.

    4.6.1 IPv4/IPv6 Dual-Stack

    IPv4/IPv6 dual-stack features good interoperability and easy implementation. Figure 4-1 shows the IPv4/IPv6 dual-stack structure.

    Figure 4-1 IPv4/IPv6 dual-stack structure (layers from top to bottom: IPv4/IPv6 application; TCP and UDP; IPv4 and IPv6; link layer)

    4.6.2 IPv4

    The CE6800&5800 support the following IPv4 features:


    - TCP/IP protocol suite, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and ARP
    - Static DNS, with the DNS server address manually specified
    - FTP server/client and TFTP client
    - DHCP relay, DHCP server, and DHCP snooping
    - Ping, tracert, and NQA
    - Bidirectional Forwarding Detection (BFD) features, including BFD for OSPF, BFD for IS-IS, BFD for BGP, and BFD for PIM

    4.6.3 IPv6

    The CE6800&5800 support the following IPv6 features:

    - IPv6 Neighbor Discovery (ND)
    - Path MTU Discovery (PMTU)
    - TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6, and Raw IP6

    4.7 Routing

    The CE12800 supports the following routing features:

    - Static routes that are manually configured by the administrator to simplify network configurations and improve network performance
    - IPv4 routing protocols, including RIPv1/v2, OSPF, IS-IS (IPv4), and BGP
    - IPv6 routing protocols, including RIPng, OSPFv3, IS-IS (IPv6), and BGP4+
    - Virtual routing forwarding (VRF) multi-instance and IP address overlapping
    - Optimal route selection using routing policies

    4.8 Multicast

    4.8.1 Layer 2 Multicast

    The CE6800&CE5800 series switches support Layer 2 multicast (IP multicast at the data link layer). Layer 2 multicast implements on-demand forwarding of multicast data within a broadcast domain. This feature conserves network bandwidth and improves security of data transmission.

    The CE6800&CE5800 series switches support the following Layer 2 multicast functions:

    - IGMP snooping: This function is deployed on a switch between hosts and a multicast router. The switch not only supports static multicast forwarding entries, but also generates dynamic Layer 2 multicast forwarding entries with multicast groups, VLANs, and outbound interfaces by listening to IGMP messages exchanged between the hosts and multicast router. When the CE6800&CE5800 series switches receive multicast data packets, they forward the packets to the receivers in the corresponding VLAN according to the Layer 2 forwarding table.


    join the rendezvous point tree (RPT) of the nearest RP. In this manner, load balancing is implemented among the RPs. When an RP fails, sources and receivers registered with this RP choose another nearest RP. This RP redundancy mechanism enhances network reliability.
    - Multicast static routes
    - Route filtering: The multicast routing module can filter multicast routes it receives and advertises using routing policies. It can also use routing policies to filter and forward IP multicast packets.
    - Reverse path forwarding (RPF) check

    4.9 QoS

    CE6800&5800 switches provide a class-based QoS mechanism and support 802.1p priorities for minimizing end-to-end delay and jitter and optimizing bandwidth.

    CE6800&5800 switches classify traffic based on specific rules and take actions on traffic to better support value-added services such as next generation network (NGN) services, IPTV, and broadband access. The actions include priority re-marking, traffic policing, congestion management, congestion avoidance, and rate limiting on an interface.

    4.9.1 Traffic Classification

    Traffic classification assesses packet header information against a set of rules to identify packets of a certain type. For example, the 802.1p priority of packets sent by the operating support system (OSS) and NMS is set to 7; the 802.1p priority of voice over IP (VoIP) packets is set to 6; the 802.1p priority of broadcast TV (BTV) packets and video on demand (VoD) packets is set to 5 or 4; the 802.1p priority of packets sent by virtual private network (VPN) users is set to 3, 2, or 1 according to the level of VPN users; and the 802.1p priority of Internet access service packets is set to 0. Packets are classified based on their 802.1p priorities.

    CE6800&5800 switches use a hardware classifier to ensure line-rate transmission of service data on interfaces.

    Users can define rules to classify packets and specify the relationships between rules.

    - and: Packets match a traffic classifier only when the packets match all the rules.
    - or: Packets match a traffic classifier as long as the packets match one of the rules.

    Table 4-2 describes the traffic classification rules.


    Table 4-2 Traffic classification rules

    Layer      Traffic Classification Rule
    Layer 2    - VLAN ID in the outer tag of a VLAN packet
               - VLAN ID in the inner tag of a VLAN packet
               - 802.1p priority in the outer tag of a VLAN packet
               - 802.1p priority in the inner tag of a VLAN packet
               - Source MAC address
               - Destination MAC address
    Layer 3    - DSCP priority in IP packets
               - IP precedence in IP packets
               - IP protocol type
    Layer 4    - TCP SYN flag in TCP packets
    Others     - Inbound interface
               - Outbound interface
               - ACL

    4.9.2 Access Control and Re-Marking

    After traffic classification, CE6800&5800 switches perform access control on packets by permitting or rejecting the packets. When packets are permitted, CE6800&5800 switches re-mark the following information in the packets:

    - 802.1p priority (PRI field in the VLAN tag)
    - DSCP field
    - Precedence field of IP packets

    4.9.3 Traffic Policing

    CE6800&5800 switches use a token bucket algorithm to police and control incoming traffic, implementing the committed access rate (CAR).

    The traffic rate is controlled by limiting the speed at which tokens are placed in the token bucket. When the traffic rate exceeds the upper limit, CE6800&5800 switches discard excess traffic so that the traffic remains within an acceptable range. This function saves network resources and protects the investments of customers.

    4.9.4 Congestion Management

    CE6800&5800 switches use queue scheduling technologies to implement congestion management. Each outbound interface on CE6800&5800 switches has eight queues. After packets are classified, they enter the appropriate queues based on their priorities.


    CE6800&5800 switches support the following queue scheduling policies:

    - PQ
    - WRR
    - DRR
    - PQ+WRR
    - PQ+DRR

    4.9.5 Congestion Avoidance

    To remove congestion, a switch quickly discards packets to release queue resources and does not put packets in long-delay queues.

    The CE6800&5800 switches support the Weighted Random Early Detection (WRED) algorithm. WRED monitors packets in each queue, compares the queue length with upper and lower drop thresholds, and when congestion occurs, processes packets in queues based on the following rules:

    - When the length of a queue is smaller than the lower drop threshold, no packet is discarded.
    - When the length of a queue is between the upper drop threshold and the lower drop threshold, WRED discards packets randomly based on the maximum drop probability.
    - When the length of a queue exceeds the upper drop threshold, all packets in the queue are discarded.
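The three WRED rules above, as an added Python sketch that is not taken from the product documentation. The linear ramp between the thresholds, the two per-priority profiles, and all names (`WredProfile`, `simulate`, `PROFILES`) are assumptions made for illustration.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    low: int      # lower drop threshold, in packets
    high: int     # upper drop threshold, in packets
    max_p: float  # maximum drop probability, reached at the upper threshold

    def __post_init__(self):
        if not 0 <= self.low < self.high:
            raise ValueError("need 0 <= low < high")
        if not 0.0 < self.max_p <= 1.0:
            raise ValueError("max_p must be in (0, 1]")

    def drop_probability(self, qlen):
        if qlen < self.low:
            return 0.0   # rule 1: below the lower threshold, never drop
        if qlen > self.high:
            return 1.0   # rule 3: above the upper threshold, always drop
        # Rule 2: random drop. Assumed linear ramp from 0 at `low`
        # to max_p at `high`.
        return self.max_p * (qlen - self.low) / (self.high - self.low)


# Hypothetical profiles: the "weighted" part of WRED is that each traffic
# class gets its own thresholds, so low-priority traffic is dropped first.
PROFILES = {
    "high-priority": WredProfile(low=40, high=80, max_p=0.1),
    "low-priority": WredProfile(low=20, high=40, max_p=0.5),
}


def simulate(profiles, offered_per_tick, service_per_tick, ticks, seed=1):
    """Offer packets to one shared queue and return (stats, peak queue length)."""
    rng = random.Random(seed)  # seeded so repeated runs give the same result
    qlen = 0
    peak = 0
    stats = {name: {"offered": 0, "dropped": 0} for name in profiles}
    for _ in range(ticks):
        for name, count in offered_per_tick.items():
            for _ in range(count):
                stats[name]["offered"] += 1
                if rng.random() < profiles[name].drop_probability(qlen):
                    stats[name]["dropped"] += 1
                else:
                    qlen += 1
                    peak = max(peak, qlen)
        qlen = max(0, qlen - service_per_tick)  # the scheduler drains the queue
    return stats, peak


if __name__ == "__main__":
    # Constructed overload: 10 packets offered per tick, 6 serviced per tick.
    offered = {"high-priority": 5, "low-priority": 5}
    stats, peak = simulate(PROFILES, offered, service_per_tick=6, ticks=200)
    for name, s in stats.items():
        print(f"{name}: offered={s['offered']} dropped={s['dropped']}")
    print("peak queue length:", peak)
```

Under sustained overload the queue settles near the low-priority profile's upper threshold, so almost all drops fall on low-priority traffic while the high-priority class keeps flowing.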

    4.9.6 Rate-limiting on an Interface

    Rate-limiting an interface proactively adjusts the rate of traffic on the interface in order to prevent burst traffic and lower the packet loss rate. CE6800&5800 switches use a token bucket and a buffer to rate-limit interfaces, implementing traffic shaping. When the rate of packets exceeds the rate limit, CE6800&5800 switches buffer excess packets and send them after the traffic rate falls below the rate limit. In this manner, the packet transmission rate is smoothed.

    4.9.7 Two-Rate-Three-Color

    CE6800&5800 switches control traffic based on the traffic classification results and discard excess packets when the rate of packets exceeds the rate limit. CE6800&5800 switches support two-rate-three-color markers. Users can set the following parameters on CE6800&5800 switches:

    - Committed information rate (CIR), which is the average rate of traffic that can pass through an interface
    - Committed burst size (CBS), which is the average volume of burst traffic that can pass through an interface
    - Peak information rate (PIR), which is the maximum rate of traffic that can pass through an interface
    - Peak burst size (PBS), which is the maximum volume of burst traffic that can pass through an interface

    In addition, CE6800&5800 switches can mark packets red, green, or yellow according to the traffic volume, map behaviors (such as permit or deny) to the colors, and re-mark packets.
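How CIR, CBS, PIR and PBS combine into a color decision, and how the token buckets of section 4.9.3 drive it, shown as an added Python sketch rather than the switch's own implementation. It assumes the color-blind two-rate three-color marker of RFC 2698, which the page does not name; the class and function names, the color-to-behavior mapping, and the sample traffic are constructed for illustration.

```python
"""Color-blind two-rate three-color marker, following RFC 2698 semantics."""

GREEN, YELLOW, RED = "green", "yellow", "red"

# Assumed color-to-behavior mapping; on a real device this is operator policy.
DEFAULT_ACTIONS = {
    GREEN: "permit",
    YELLOW: "permit, re-mark to lower priority",
    RED: "deny",
}


class TwoRateThreeColorMarker:
    def __init__(self, cir, cbs, pir, pbs):
        """cir and pir are in bytes per second, cbs and pbs in bytes."""
        if pir < cir:
            raise ValueError("PIR must be greater than or equal to CIR")
        if cbs <= 0 or pbs <= 0:
            raise ValueError("CBS and PBS must be positive")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc = float(cbs)  # committed bucket starts full
        self.tp = float(pbs)  # peak bucket starts full
        self.last = 0.0       # time of the previous refill, in seconds

    def _refill(self, now):
        # Tokens accumulate at CIR and PIR and are capped at CBS and PBS.
        elapsed = max(0.0, now - self.last)
        self.last = max(self.last, now)
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)

    def mark(self, now, size):
        """Return the color of a packet of `size` bytes arriving at `now`."""
        self._refill(now)
        if self.tp < size:   # exceeds the peak rate: no tokens are consumed
            return RED
        if self.tc < size:   # within the peak rate, above the committed rate
            self.tp -= size
            return YELLOW
        self.tp -= size      # within the committed rate
        self.tc -= size
        return GREEN


def police(marker, arrivals, actions=DEFAULT_ACTIONS):
    """Mark each (time, size) arrival and look up the mapped behavior."""
    results = []
    for now, size in arrivals:
        color = marker.mark(now, size)
        results.append((now, size, color, actions[color]))
    return results


def forwarded_bytes(results):
    """Bytes that survive policing (everything not marked red)."""
    return sum(size for _, size, color, _ in results if color != RED)


# Constructed sample: 1000-byte packets, a burst at t=0 followed by a trickle.
SAMPLE_ARRIVALS = [(0.0, 1000)] * 4 + [(0.5, 1000), (1.0, 1000), (1.0, 1000)]

if __name__ == "__main__":
    meter = TwoRateThreeColorMarker(cir=1000, cbs=1500, pir=2000, pbs=3000)
    for now, size, color, action in police(meter, SAMPLE_ARRIVALS):
        print(f"t={now:.1f}s size={size}B -> {color:6s} {action}")
```

The burst at t=0 shows the bucket sizes at work: CBS admits the first packet as green, PBS admits two more as yellow, and the fourth finds both buckets short and is marked red.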


    4.10 Security

    CE6800&5800 switches ensure both device security and service security.

    4.10.1 Device Security

    Hierarchical Command Protection

    CE6800&5800 switches authenticate users when they are logging in to CE6800&5800 switches in Telnet mode from an Ethernet interface. Only authenticated users can configure and maintain CE6800&5800 switches.

    CE6800&5800 switches use a hierarchical protection mode for commands, and define four command levels in ascending order: visit level, monitoring level, configuration level, and management level. Users are also classified corresponding to the four command levels. Users can use only the commands at the same or lower level than their own levels. This implementation effectively controls user rights.

    CE6800&5800 switches can combine command levels and user levels to extend to 16 total levels for more finely grained user management.

    Remote SSH Login

    CE6800&5800 switches support Secure Shell (SSH). On an insecure network, SSH provides a security guarantee and authentication functions for user logins and defends against multiple attacks.

    SNMP Encrypted Authentication

    CE6800&5800 switches support encrypted authentication through Simple Network Management Protocol version 3 (SNMPv3). When CE6800&5800 switches are managed by the network management system (NMS) through SNMP, the encrypted authentication mode in the user-based security model (USM) can be used to ensure switch security.

    AAA

    CE6800&5800 switches support Authentication, Authorization, and Accounting (AAA). Together with hierarchical command protection, CE6800&5800 switches can authenticate and authorize login users. In addition, CE6800&5800 switches can authenticate NMS users. The AAA mechanism enables CE6800&5800 switches to prevent unauthorized access.

    CE6800&5800 switches support multiple authentication methods such as local, Remote Authentication Dial-In User Service (RADIUS), and Huawei Terminal Access Controller Access Control System (HWTACACS) authentication modes.

    CPU Attack Defense

    CE6800&5800 switches can filter the protocol packets and management packets sent to the CPU based on the protocol ID, port number, or combination of the port number and VLAN ID. This filtering protects CPU channels from denial of service (DoS) attacks.


    4.10.2 Service Security

    VLAN Assignment

    CE6800&5800 switches support division of a LAN into multiple VLANs. Devices in different VLANs cannot communicate with each other. This function isolates broadcast domains and improves service security.

    MAC Address Learning Limit on Interfaces

    Users can set the maximum number of MAC addresses that a CE6800&5800 interface can learn, to prevent hackers from initiating source MAC address attacks from the interface. This setting ensures that the MAC address entries on CE6800&5800 switches will not be used up.

    Blackhole MAC Address Entry

    CE6800&5800 switches support blackhole MAC address entries. When receiving a packet, CE6800&5800 switches compare the source or destination MAC address of the packet with MAC address entries. If the source or destination MAC address of the packet is a blackhole MAC address entry, CE6800&5800 switches discard the packet.

    Once users detect that packets with a specific MAC address are prone to attacks, they can set a blackhole MAC entry to filter out packets with this MAC address. This setting defends CE6800&5800 switches against MAC address attacks.

    MAC Table Lookup

    To improve interface security, CE6800&5800 switches support MAC table lookup based on VLAN IDs and MAC addresses. The network administrator can add static entries to the MAC address table. A static entry defines the mapping between a MAC address and an interface. In this way, devices with specific MAC addresses are bound to interfaces, which defends CE6800&5800 switches against attacks from packets with forged MAC addresses.
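How the learning limit, blackhole entries and static bindings described in the three subsections above interact on one MAC table, as an added Python model that is not the switch's implementation. It assumes that frames from new sources beyond the limit are discarded with an alarm, and that a statically bound source MAC seen on another interface is discarded; the interface names and MAC addresses are constructed.

```python
FORWARD, DROP = "forward", "drop"


class MacTable:
    """MAC table keyed by (VLAN ID, MAC address)."""

    def __init__(self, learn_limit):
        self.learn_limit = learn_limit  # max dynamic entries per interface
        self.static = {}                # (vlan, mac) -> bound interface
        self.dynamic = {}               # (vlan, mac) -> learned interface
        self.blackhole = set()          # (vlan, mac) entries to discard
        self.alarms = []

    def add_static(self, vlan, mac, iface):
        self.static[(vlan, mac)] = iface

    def add_blackhole(self, vlan, mac):
        self.blackhole.add((vlan, mac))

    def _learned_on(self, iface):
        return sum(1 for i in self.dynamic.values() if i == iface)

    def receive(self, iface, vlan, src, dst):
        """Return (verdict, detail) for one ingress frame."""
        skey, dkey = (vlan, src), (vlan, dst)
        # Blackhole entries match on source or destination.
        if skey in self.blackhole or dkey in self.blackhole:
            return DROP, "blackhole"
        if skey in self.static:
            # Assumption: a bound MAC arriving elsewhere is treated as forged.
            if self.static[skey] != iface:
                self.alarms.append((iface, vlan, src, "static-mismatch"))
                return DROP, "static-mismatch"
        elif self.dynamic.get(skey) != iface:
            # New address (or station move): subject to this interface's limit.
            if self._learned_on(iface) >= self.learn_limit:
                self.alarms.append((iface, vlan, src, "learn-limit"))
                return DROP, "learn-limit"
            self.dynamic[skey] = iface
        out = self.static.get(dkey) or self.dynamic.get(dkey)
        return FORWARD, (out if out else "flood")


# Constructed sample addresses (locally administered MACs).
SERVER = "02:00:00:00:aa:01"
HOST_A = "02:00:00:00:bb:01"
HOST_B = "02:00:00:00:bb:02"
BAD = "02:00:00:00:ff:ff"


def run_demo():
    table = MacTable(learn_limit=3)
    table.add_static(10, SERVER, "if48")
    table.add_blackhole(10, BAD)
    frames = [("if2", 10, HOST_A, SERVER)]
    # Five spoofed source addresses arriving on if1, which may learn three.
    frames += [("if1", 10, f"02:00:00:00:00:{n:02x}", SERVER) for n in range(1, 6)]
    frames += [
        ("if1", 10, SERVER, HOST_A),   # forged source: server is bound to if48
        ("if48", 10, SERVER, HOST_A),  # the real server replying
        ("if2", 10, HOST_A, BAD),      # destination is a blackhole entry
        ("if3", 10, HOST_B, HOST_A),   # another interface still learns
    ]
    return table, [table.receive(*frame) for frame in frames]


if __name__ == "__main__":
    table, results = run_demo()
    for verdict, detail in results:
        print(verdict, detail)
    print("dynamic entries:", len(table.dynamic), "alarms:", len(table.alarms))
```

The table ends with five dynamic entries however many addresses are offered on if1, which is the exhaustion the per-interface limit is there to prevent.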

    Port Isolation

    Port isolation prevents interfaces on the same CE6800&5800 switches from sending Layer 2 packets to each other. CE6800&5800 switches support unidirectional and bidirectional port isolation. Port isolation ensures security of user networks and helps construct cost-effective, intelligent community networks. Port isolation also effectively controls broadcast packets and increases network throughput.

    Packet Filtering

    Packet filtering is used to filter out invalid or unwanted packets.

    CE6800&5800 switches can filter out packets based on user-defined rules, for example, by checking the MAC address, IP address, port number, and VLAN ID of packets. Packet filtering does not check the session status or analyze data. The packet filtering technology enables CE6800&5800 switches to effectively control the packets that pass through.


    4.11 MAC-Forced Forwarding

    The access layer provides network connections between the user-side hosts and the telecom

    carrier-side access routers (ARs), including the reliable connections between the hosts and the

    Internet or other IP networks.

    The access layer is divided into the user network and aggregation network. The user network is

    connected to an access node (AN) through a subscriber line (which is a physical line), and the

    AN connects the subscriber line to the aggregation network. Therefore, the AN is the edge

    between the subscriber line and the aggregation network. The aggregation network centralizes

    and aggregates user traffic. Figure 4-2 shows the connections at the access layer.

    Figure 4-2 Connections at the access layer

    [Figure: diagram labels are Switch A, Switch B, Switch C, EAN, Gateway, and Server; the legend marks "Flow through Gateway" and "Flow not through Gateway".]

    Users have the following requirements at the access layer:

    • CE6800&5800 switches must perform Layer 3 forwarding for traffic of different user hosts

    in different networks. In this way, switches can filter, schedule, and charge user traffic.

    • IPv4 address assignment efficiency needs to be improved to save IPv4 addresses. The

    address assignment effectiveness also needs to be improved if addresses are assigned from

    a large address pool but not from a small and independent network segment.

    To implement user isolation at the access layer and meet the preceding requirements, the MAC-

    Forced Forwarding (MFF) protocol is introduced.

    MFF is a security protocol and it ensures that user hosts accessing a device with the same media

    are isolated at Layer 2. When MFF is running, its security program applies to any shared access

    media.

    In addition to Layer 2 isolation, the AN running MFF discards any upstream broadcast packets

    except for DHCP packets and ARP request packets. In particular, the AN discards DHCP Reply

    packets received through the subscriber line and rate-limits the DHCP Broadcast packets.

    The AN running MFF must track the IPv4 addresses allocated to the subscriber line. This is to

    discard upstream traffic that uses forged source IPv4 addresses.

    4.12 DHCP

    DHCP Snooping

    CE6800&5800 switches can be deployed between the DHCP server and client to listen to DHCP

    packets that are exchanged. Based on the listening result, CE6800&5800 switches create an IP

    +MAC+PORT+VLAN binding table to suppress invalid packets.
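    The binding-table check described above, combined with the MFF rules from section 4.11 (drop DHCP replies that arrive on a subscriber line, drop upstream traffic with a forged source IPv4 address), as an added Python model that is not Huawei's implementation. The class, the simplified packet dictionaries, the port names and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    port: str
    vlan: int


class SnoopingSwitch:
    """Toy model of DHCP snooping on an access switch (all names hypothetical)."""

    def __init__(self, trusted_ports):
        self.trusted_ports = set(trusted_ports)  # ports facing the DHCP server
        self.pending = {}   # client MAC -> (port, vlan) taken from its request
        self.bindings = {}  # leased IP -> Binding, learned from the server ACK

    def on_dhcp(self, pkt):
        """Snoop one DHCP message and return 'forward' or 'drop'."""
        kind, mac, port = pkt["type"], pkt["client_mac"], pkt["in_port"]
        if kind in ("OFFER", "ACK", "NAK"):
            if port not in self.trusted_ports:
                return "drop"  # server reply arriving on a subscriber line
            if kind == "OFFER":
                return "forward"
            where = self.pending.pop(mac, None)
            if where is None:
                return "drop"  # reply for a client that never asked
            if kind == "ACK":
                self.bindings[pkt["your_ip"]] = Binding(pkt["your_ip"], mac, *where)
            return "forward"
        if port in self.trusted_ports:
            return "forward"
        if kind in ("DISCOVER", "REQUEST"):
            self.pending[mac] = (port, pkt["vlan"])
        elif kind == "RELEASE":
            held = self.bindings.get(pkt["client_ip"])
            if held != Binding(pkt["client_ip"], mac, port, pkt["vlan"]):
                return "drop"  # release that does not match the lease holder
            del self.bindings[pkt["client_ip"]]
        return "forward"

    def on_data(self, src_ip, src_mac, in_port, vlan):
        """Check an upstream data packet against IP+MAC+PORT+VLAN."""
        if in_port in self.trusted_ports:
            return "forward"
        match = self.bindings.get(src_ip) == Binding(src_ip, src_mac, in_port, vlan)
        return "forward" if match else "drop"


def demo():
    """Constructed sample traffic: one real client, one rogue server, one spoofer."""
    sw = SnoopingSwitch(trusted_ports={"uplink"})
    mac = "00e0-fc00-0001"
    return [
        sw.on_dhcp({"type": "REQUEST", "client_mac": mac, "in_port": "port1",
                    "vlan": 10}),
        sw.on_dhcp({"type": "ACK", "client_mac": mac, "in_port": "port2",
                    "your_ip": "192.0.2.66"}),   # rogue server on port2
        sw.on_dhcp({"type": "ACK", "client_mac": mac, "in_port": "uplink",
                    "your_ip": "192.0.2.10"}),   # real server
        sw.on_data("192.0.2.10", mac, "port1", 10),               # bound host
        sw.on_data("192.0.2.10", "00e0-fc00-0002", "port2", 10),  # forged source
    ]


if __name__ == "__main__":
    print(demo())
```

    Only a reply from the trusted uplink creates a binding, so the rogue ACK on port2 never poisons the table that the data-plane check relies on.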

    In addition, CE6800&5800 switches support the Option 82 field for collecting accurate locations

    of DHCP clients.

    • After receiving a Request packet from a DHCP client, CE6800&5800 switches append the

    Option 82 field to the Request packet. Then, CE6800&5800 switches forward the packet

    to the DHCP server. The DHCP server allocates IP addresses based on the Option 82 field.

    • The DHCP server appends the Option 82 field to a Reply packet and sends the Reply packet

    to CE6800&5800 switches. CE6800&5800 switches parse the Option 82 field, determine

    the target interface, remove the Option 82 field, and then forward the packet to a user.

    On CE6800&5800 switches, Option 82 is implemented in two modes: Option 82 insert and

    Option 82 rebuild.

    The Option 82 field contains the user circuit ID that carries the user device name, inner and outer

    VLAN IDs, and port number. Therefore, the Option 82 function effectively prevents attackers

    from modifying DHCP packets.
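    The append-and-remove handling of Option 82 described above, as an added Python example working on a raw DHCP options field (not code from the product). The option and sub-option numbers follow RFC 3046; the circuit-ID text layout, the sample values, and the meaning given here to the "insert" and "rebuild" mode names are assumptions, since the page names the modes without defining them.

```python
PAD, END = 0, 255
RELAY_AGENT_INFO = 82  # DHCP Relay Agent Information option (RFC 3046)
SUB_CIRCUIT_ID = 1     # Agent Circuit ID sub-option (RFC 3046)


def parse_tlvs(buf, dhcp_markers=True):
    """Split code/length/value records; honour PAD and END in a DHCP options field."""
    out, i = [], 0
    while i < len(buf):
        code = buf[i]
        if dhcp_markers and code == END:
            break
        if dhcp_markers and code == PAD:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option at offset %d" % i)
        length = buf[i + 1]
        out.append((code, bytes(buf[i + 2:i + 2 + length])))
        i += 2 + length
    return out


def build_options(opts):
    """Serialize (code, value) pairs and terminate with END."""
    body = bytearray()
    for code, value in opts:
        if len(value) > 255:
            raise ValueError("option %d too long" % code)
        body += bytes([code, len(value)]) + value
    return bytes(body) + bytes([END])


def encode_circuit_id(device, outer_vlan, inner_vlan, port):
    """Assumed text layout; real circuit-ID formats are vendor specific."""
    return ("%s;%d;%d;%s" % (device, outer_vlan, inner_vlan, port)).encode("ascii")


def add_option82(options, circuit_id, mode="insert"):
    """Request path. Assumed semantics: 'insert' keeps an Option 82 that is
    already present, 'rebuild' replaces it with the switch's own circuit ID."""
    if mode not in ("insert", "rebuild"):
        raise ValueError("unknown mode")
    opts = parse_tlvs(options)
    if mode == "insert" and any(c == RELAY_AGENT_INFO for c, _ in opts):
        return build_options(opts)
    opts = [(c, v) for c, v in opts if c != RELAY_AGENT_INFO]
    sub = bytes([SUB_CIRCUIT_ID, len(circuit_id)]) + circuit_id
    return build_options(opts + [(RELAY_AGENT_INFO, sub)])


def strip_option82(options):
    """Reply path: return (circuit_id or None, options with Option 82 removed)."""
    circuit_id, kept = None, []
    for code, value in parse_tlvs(options):
        if code != RELAY_AGENT_INFO:
            kept.append((code, value))
            continue
        for sub_code, sub_value in parse_tlvs(value, dhcp_markers=False):
            if sub_code == SUB_CIRCUIT_ID:
                circuit_id = sub_value
    return circuit_id, build_options(kept)
```

    Under these assumed semantics, a client-supplied Option 82 survives "insert" but is overwritten by "rebuild", which is the case to test when the server's allocation policy trusts the circuit ID.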

    DHCP Relay

    The DHCP client and DHCP server broadcast DHCP packets during IP address allocation.

    Therefore, DHCP applies only to scenarios where the DHCP client and DHCP server are on the

    same subnet. To implement dynamic host configuration, users must configure a DHCP server

    on each network segment, which increases costs.

    The DHCP relay function is introduced to resolve this problem. By using DHCP relay, a DHCP

    client in a subnet can communicate with the DHCP server in another subnet and finally obtain

    an IP address. In this manner, DHCP clients on multiple network segments can share one DHCP

    server. This reduces costs and facilitates centralized management.

    DHCP Server

    A DHCP server processes requests for address allocation, address lease extending, and address

    release from DHCPv6 clients or DHCPv6 relay agents, and allocates IP addresses and other

    network configuration parameters to DHCP clients.

    The switch can function as a DHCP server and uses a global IP address pool to allocate IP

    addresses. You can configure the following DHCP server functions on the switch:

    • Configure an IP address pool, address lease, DNS server address, NetBIOS server address,

    domain name suffix, and other network parameters. The DHCP server then dynamically

    allocates IP addresses and other network configuration parameters to DHCP clients.

    • Exclude some IP addresses in the address pool so that they will not be dynamically allocated

    to clients.

    • Bind IP addresses in the address pool to MAC addresses so that fixed IP addresses can be

    allocated to servers or hosts used for special purpose on the network.

    • Configure the DHCP server to check whether an IP address is in use by sending ping packets

    before allocating the IP address to a client.

    4.13 Network Management

    4.13.1 LLDP

    CE6800&5800 switches support the Link Layer Discovery Protocol (LLDP) that conforms to

    IEEE 802.1AB. LLDP is a link layer protocol that a device uses to obtain information about

    neighboring devices.

    Using LLDP, the local NMS can obtain link-layer information of all devices on the local network

    and details about the network topology. This expands the network management scope.

    The LLDP-enabled interfaces on a CE6800&5800 periodically notify the neighboring devices

    of the local interface status. When the status of an interface changes, the interface sends a status

    update message to the directly connected neighboring device. The neighboring device stores the

    status update message in the standard SNMP MIB. Then the NMS obtains link-layer information

    of the network from the MIB to calculate the topology of the entire network.

    4.13.2 NQA

    With the launch of more value-added services, telecom carriers and users alike require

    increasingly high QoS. Especially with the advent of voice over IP (VoIP) and video over IP

    services, telecom carriers and users all tend to require Service Level Agreements (SLAs). To

    guarantee users the committed bandwidth, telecom carriers need to collect statistics about

    delay, jitter, and packet loss of devices. These statistics help analyze network performance in

    a timely fashion.

    CE6800&5800 switches provide the network quality analysis (NQA) function to meet the

    preceding requirements. NQA measures the performance of different protocols running on the

    network. With NQA, telecom carriers can collect network operation indexes in real time, such

    as TCP connection delay and file transfer rate. Based on these indexes, telecom carriers can

    provide differentiated network services and charge differently for them. NQA is also an effective

    tool for diagnosing network faults.

    4.13.3 NetStream

    As bandwidth on the Internet increases rapidly, users need to manage their network resources in

    finer detail. NetStream technology can collect statistics about network traffic and usage of network

    resources by sampling network traffic. This technology enables network administrators to obtain

    detailed records about traffic on their data networks.

    Figure 4-3 NetStream networking diagram

    [Figure: diagram labels are NDE, NSC, and NDA; the legend marks "NetStream traffic" and "traffic".]

    NDE: NetStream Data Exporter; NSC: NetStream Collector; NDA: NetStream Data Analyzer

    NetStream provides the following functions:

    • Network management and planning

    • Enterprise accounting and department billing

    • ISP billing

    • Data storage

    • Business data collection

    Because IP is a connectionless protocol, a service data flow on an IP network is a group of IP packets

    that may be sent from any terminal to another terminal. Most data flows on an IP network are

    temporary and bidirectional.

    NetStream identifies flows of different services based on 7-tuple information consisting of the

    destination IP address, source IP address, destination port number, source port number, protocol

    ID, Type of Service (ToS), and inbound or outbound interface. After identifying data flows,

    NetStream collects statistics for each service separately.

    The NDE periodically sends the collected traffic statistics to the NSC. The NSC processes the traffic

    statistics and sends them to the NDA. The NDA analyzes the statistics and generates reports for

    accounting and network planning.

    CE6800&5800 switches can work as an NDE and support packet-based random sampling to

    sample IPv4, IPv6, and MPLS packets. The switches can create original traffic, flexible traffic,

    and aggregation traffic and encapsulate NetStream packets in V5, V8, or V9 format. They support

    the Distributed NetStream model.

    4.13.4 sFlow

    Sampled Flow (sFlow) is a traffic monitoring technology that samples packets for traffic

    statistics collection and analysis.

    sFlow provides interface-based traffic analysis and displays traffic statistics in graphs or reports,

    facilitating preventive maintenance on enterprise networks, especially for enterprises that do not

    have specialized network administrators.

    NetStream technology also provides a traffic analysis function. As NetStream is implemented

    based on traffic information, network devices must collect traffic statistics and save the collected

    statistics in their buffers. Statistics are sent to the NetStream Collector (NSC) when their buffers

    are full or when the traffic aging time expires. In an sFlow application, network devices only need

    to sample packets and do not need to save traffic statistics in their buffers. Traffic analysis is

    completed by a remote collector. sFlow has the following advantages over NetStream:

    • Fewer resources consumed and lower costs: Network devices do not need to save traffic

    statistics in their buffers, reducing the network resources consumed and lowering costs.

    • Flexible, on-demand collector deployment: Network traffic statistics collection and

    analysis are completed by the collector. The traffic collection and analysis functions can

    be flexibly configured on the collector according to network characteristics.
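    The device-side state that NetStream needs and sFlow avoids, as an added Python model (not the switches' implementation): a flow cache keyed by the 7-tuple listed in section 4.13.3, which exports a record when the flow ages out or the buffer is full, as section 4.13.4 describes. Evicting the least recently seen flow on overflow, the record fields and the sample packets are assumptions constructed for illustration.

```python
from collections import OrderedDict, namedtuple

# The seven fields the text lists as identifying a flow.
FlowKey = namedtuple(
    "FlowKey", "dst_ip src_ip dst_port src_port protocol tos interface")


class FlowCache:
    """Exporter-side cache: one record per 7-tuple, exported on aging or overflow."""

    def __init__(self, max_entries, inactive_timeout):
        self.max_entries = max_entries
        self.inactive_timeout = inactive_timeout  # seconds without a packet
        self.flows = OrderedDict()  # FlowKey -> record, least recently seen first
        self.exported = []          # stands in for records sent to the collector

    def _export(self, key, reason):
        rec = self.flows.pop(key)
        self.exported.append((key, rec["packets"], rec["bytes"], reason))

    def age(self, now):
        """Export every flow that has been idle for the aging time."""
        idle = [k for k, r in self.flows.items()
                if now - r["last"] >= self.inactive_timeout]
        for key in idle:
            self._export(key, "aged")

    def observe(self, now, key, length):
        """Account one packet of `length` bytes seen at time `now`."""
        self.age(now)
        rec = self.flows.get(key)
        if rec is None:
            if len(self.flows) >= self.max_entries:
                # Assumed policy: make room by exporting the oldest flow.
                self._export(next(iter(self.flows)), "cache-full")
            rec = self.flows[key] = {"packets": 0, "bytes": 0, "last": now}
        rec["packets"] += 1
        rec["bytes"] += length
        rec["last"] = now
        self.flows.move_to_end(key)


def demo():
    """Constructed packets: two TCP flows differing only in source port, one UDP flow."""
    web1 = FlowKey("198.51.100.5", "192.0.2.10", 443, 50000, 6, 0, "10GE1/0/1")
    web2 = web1._replace(src_port=50001)
    dns = FlowKey("198.51.100.53", "192.0.2.10", 53, 40000, 17, 0, "10GE1/0/1")
    cache = FlowCache(max_entries=2, inactive_timeout=30)
    for now, key, length in [(0, web1, 100), (1, web1, 200), (2, web2, 60),
                             (3, dns, 80), (40, dns, 80)]:
        cache.observe(now, key, length)
    return cache.exported, list(cache.flows)


if __name__ == "__main__":
    for record in demo()[0]:
        print(record)
```

    A small cache under many short flows exports early and often, which is worth knowing when flow records feed detection: a scan that touches thousands of ports produces thousands of one-packet records rather than one large one.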

    4.14 Smart Link and Multi-Instance

    Dual-homing is a commonly used networking model. A dual-homing network usually runs the

    Spanning Tree Protocol (STP) to implement link redundancy. However, STP

    convergence speed is low.

    Smart Link can implement fast link switchover while providing redundancy protection. On a

    dual-homed device, when the active link fails, the device switches traffic to the standby link to

    ensure normal traffic forwarding.

    Smart Link is specific to dual-homing networking and features fast convergence (subsecond

    convergence), simple configuration, and easy user operation.

    Smart Link multi-instance allows you to associate a Smart Link Group with multiple instances

    bound to different VLAN ranges. Configure the standby link (using a command) to forward

    traffic of some instances. Then data traffic of different VLANs is transmitted over different

    paths, implementing load balancing.

    4.15 Stacking

    Stacking enables switches located in the same place to form a reliable switch group by way of

    high-speed uplink interfaces. CE6800&5800 switches implement stacking by multiplexing

    10GE/40GE uplink interfaces as stack interfaces. After being stacked, CE6800&5800 switches

    can be uniformly managed and maintained, which reduces maintenance costs.

    Stack interfaces on CE6800&5800 switches can be bonded to improve bandwidth and to enhance

    stacking reliability.

    Member switches in a stack system have three roles:

    • Master switch

    A stack system has only one master switch. The master switch manages the entire stack

    system by assigning stack IDs to member switches, collecting information about the stack

    topology, and advertising information to all the member switches.

    • Standby switch

    When the master switch fails, the standby switch becomes the master switch and takes over

    all services.

    • Slave switch

    In a stack system, all member switches except for the master switch are slave switches.

    4.16 Data Center Features

    4.16.1 TRILL

    In the cloud computing era, server virtualization technology is widely used in data centers. VMs

    must be able to dynamically migrate within a wide range to enhance service reliability and lower

    IT costs. Moreover, collaborative computing between servers generates a large volume of east-

    west traffic. Therefore, fat-tree networking is required to implement non-blocking data

    forwarding. These service requirements lead to the birth of large Layer 2 networking.

    Transparent Interconnection of Lots of Links (TRILL) is introduced to build large Layer 2

    networks.

    TRILL is an IETF standard to implement large Layer 2 networking. Data packets are

    encapsulated in TRILL headers with a TTL value to prevent packet loops. RPF check performed

    on multicast packets also effectively prevents broadcast storms caused by loops. Packets are

    forwarded along multiple paths to improve bandwidth efficiency. TRILL supports shared links

    and can seamlessly interconnect with traditional Layer 2 networks. In addition, many TRILL

    parameters are generated automatically, simplifying TRILL deployment. TRILL supports

    unicast and multicast services simultaneously and features easy operation and maintenance

    (O&M). TRILL is applicable to building large Layer 2 networks. It has the same characteristics

    as traditional Layer 2 networks: plug-and-play and flexible deployment. TRILL also addresses

    many issues of traditional Layer 2 networks. For example, bandwidth efficiency is low, STP

    convergence is slow, and every switch needs to learn MAC addresses from devices on the entire

    network.

    Figure 4-4 Virtual awareness solution

    [Figure: diagram labels are Network administrator, nCenter, vCenter, Switch, and two servers, each with NIC, Hardware, Virtual Switch, and three VMs.]

    The CE6800&5800 series switches support the following virtual awareness features:

    • Manage and control VMs, and quickly obtain VM migration information from the vCenter.

    • Automatically deploy and migrate VM policies. When a VM goes online, the switch

    automatically deploys a VM policy for the VM; when a VM goes offline, its VM policy is

    automatically deleted; when a VM is migrated, the switch deploys the VM policy on the

    new access interface.

    4.16.5 Forwarding Based on the VEPA

    In server virtualization scenarios, virtual machines (VMs) on the same server cannot directly

    communicate with each other.

    In the Virtual Edge Port Aggregator (VEPA) service model, all traffic exchanged between VMs

    on the same server must be forwarded by the upstream CE6800&5800 switches. This is the

    VEPA-based traffic model. VEPA-based forwarding ensures that the CE6800&5800 series

    switches can correctly forward traffic to the destination VMs on the same port. Figure 4-5 shows

    the VEPA-based traffic model.

    Figure 4-5 VEPA-based traffic model

    [Figure: diagram labels are Server, Hypervisor, VM1, VM2, VM3, VEPA, and Switch.]

    5.1 Maintenance and Management

    5.1.1 Configuration Modes

    Configuration Methods

    CE6800&5800 switches support the following configuration and management methods:

    • Command line

    Users can log in to the console port on CE6800&5800 switches from a console terminal

    and then configure various features and parameters in the command-line interface (CLI).

    • NMS configuration

    Users can configure and manage CE6800&5800 switches using SNMP through a network

    management system (NMS) workstation.

    Login Modes

    CE6800&5800 switches provide a console port for users to configure CE6800&5800 switches

    locally or remotely. Users can connect a console terminal to the console port through a serial

    port.

    In addition, users can log in to CE6800&5800 switches' service interfaces through Telnet,

    Stelnet, or SSH for configuration and management.

    For user logins, CE6800&5800 switches support multiple authentication modes, including non-

    authentication, local authentication, and AAA authentication.

    5.1.2 Monitoring and Maintenance

    Hardware Monitoring

    CE6800&5800 switches provide the following hardware monitoring functions:

    • Re-detect hardware faults to prevent incorrect detection caused by intermittent interference.

    • Check version mapping automatically when the CE6800&5800 system is running.

    Device Management and Maintenance

    CE6800&5800 switches provide the following device management and maintenance functions:

    • Support online help for the command line in English and Chinese.

    • Provide hierarchical commands and user rights management.

    • Provide an information center to uniformly manage logs, alarms, and debugging

    information and redirect information as required.

    • Provide electronic labeling. Users can query basic information about the main control

    boards, optical modules, and fan modules on the CLI, and back up the information to an

    external server using FTP or TFTP.

    • Display the system version, module status, ambient temperature, CPU usage, and memory

    usage.

    5.1.3 Diagnosis and Debugging

    Ping and tracert

    On traditional IP networks, CE6800&5800 switches provide the following tools to check

    network connectivity:

    • Ping

    • Tracert

    These tools test network connectivity and record the transmission paths of packets to help locate

    faults.

    Debugging

    CE6800&5800 switches provide various debugging commands for each software feature. Each

    debugging command supports multiple parameters and can be flexibly controlled. Debugging

    commands can display the detailed information about process handling, packets received and

    transmitted, and error checking of features.

    Black Box

    CE6800&5800 switches provide a black box function to record information on feature modules,

    tasks, and events. To facilitate fault location, the black box records the dying gasp, process status,

    and function calling track.

    VCT

    After a user runs the virtual cable test (VCT) command on an interface of CE6800&5800

    switches, the interface sends a testing signal. According to time domain reflectometry (TDR)

    theory, the interface receives the reflected signal a while after sending the testing signal. Based

    on the characteristics of the reflected signal, the user can infer the cable status.

    Mirroring Functions

    CE6800&5800 switches support the following mirroring functions.

    • Port mirroring

    CE6800&5800 switches copy packets from the mirrored port to the mirroring port for

    analysis and monitoring.

    • Flow mirroring

    CE6800&5800 switches copy all traffic on the mirrored port to the mirroring port for

    analysis and monitoring.
