Quidway S9300 Terabit Routing Switch Product Description (V100R003C01 - 01) PDF

Quidway S9300 Terabit Routing Switch
V100R003C01
Product Description
Issue 01
Date 2010-12-15
HUAWEI TECHNOLOGIES CO., LTD.

Copyright Huawei Technologies Co., Ltd. 2010. All rights reserved.
No part of this document may be reproduced or transmitted in any form or by any means without prior written
consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.
Address: Huawei Industrial Base
Bantian, Longgang
Shenzhen 518129
People's Republic of China
Website: http://www.huawei.com
Email: support@huawei.com
Issue 01 (2010-12-15) Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
i
About This Document
Intended Audience
This document describes the product positioning and features, product architecture, link features,
service features, application scenarios, operation and maintenance, and technical specifications
of the Quidway S9300 Terabit Routing Switch .
This document provides an overall description of the Quidway S9300 Terabit Routing
Switch , which helps intended readers get a general understanding of all the product features.
This document is intended for:
l Network planning engineers
l Hardware installation engineers
l Commissioning engineers
l Data configuration engineers
l On-site maintenance engineers
l Network monitoring engineers
l System maintenance engineers
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol Description
DANGER
Indicates a hazard with a high level of risk, which if not
avoided, will result in death or serious injury.
WARNING
Indicates a hazard with a medium or low level of risk, which
if not avoided, could result in minor or moderate injury.
CAUTION
Indicates a potentially hazardous situation, which if not
avoided, could result in equipment damage, data loss,
performance degradation, or unexpected results.
TIP
Indicates a tip that may help you solve a problem or save
time.
Product Description About This Document
iii
Symbol Description
NOTE
Provides additional information to emphasize or supplement
important points of the main text.

Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Changes in Issue 01 (2010-12-15)
This is the first release.
About This Document
Product Description
iv Huawei Proprietary and Confidential
Issue 01 (2010-12-15)
Contents
About This Document...................................................................................................................iii
1 Introduction.................................................................................................................................1-1
1.1 Positioning.......................................................................................................................................................1-2
1.2 Product Characteristics....................................................................................................................................1-2
2 Architecture................................................................................................................................. 2-1
2.1 System Structure.............................................................................................................................................2-2
2.1.1 System Structure of the S9303...............................................................................................................2-2
2.2 Hardware Structure.........................................................................................................................................2-8
2.2.1 Backplane.............................................................................................................................................2-10
2.2.2 SRU......................................................................................................................................................2-10
2.2.3 MCU.....................................................................................................................................................2-11
2.2.4 CMU.....................................................................................................................................................2-11
2.2.5 LPU......................................................................................................................................................2-11
2.2.6 FSU.......................................................................................................................................................2-15
2.2.7 VSU......................................................................................................................................................2-15
2.2.8 SPU.......................................................................................................................................................2-16
2.3 Software Architecture...................................................................................................................................2-16
3 Service Features.......................................................................................................................... 3-1
3.1 Ethernet...........................................................................................................................................................3-3
3.1.1 VLAN Aggregation................................................................................................................................3-3
3.1.2 VLAN Mapping.....................................................................................................................................3-3
3.1.3 Selective QinQ.......................................................................................................................................3-4
3.1.4 BPDU Tunnel.........................................................................................................................................3-4
3.2 IP Features.......................................................................................................................................................3-4
3.2.1 IPv4/IPv6 Protocol Stack.......................................................................................................................3-5
3.2.2 IPv4 Features..........................................................................................................................................3-5
3.2.3 IPv6 Features..........................................................................................................................................3-6
3.2.4 IPv4/IPv6 Transition Technologies........................................................................................................3-6
3.2.5 IP Session...............................................................................................................................................3-8
3.3 Multicast..........................................................................................................................................................3-9
Product Description Contents
v
3.3.1 Multicast Routing Protocol.................................................................................................................... 3-9
3.3.2 IGMP Snooping....................................................................................................................................3-10
3.3.3 Static Multicast.....................................................................................................................................3-11
3.3.4 Multicast VLAN and Multicast Replication........................................................................................3-11
3.4 QoS................................................................................................................................................................3-11
3.4.1 Hierarchical Traffic Policing................................................................................................................3-12
3.4.2 Flow Control........................................................................................................................................3-12
3.4.3 Re-marking...........................................................................................................................................3-12
3.4.4 Queue Scheduling................................................................................................................................3-12
3.4.5 Congestion Avoidance.........................................................................................................................3-13
3.4.6 Traffic Shaping.....................................................................................................................................3-13
3.5 Reliability......................................................................................................................................................3-13
3.5.1 Link Aggregation.................................................................................................................................3-14
3.5.2 DLDP...................................................................................................................................................3-14
3.5.3 RRPP and the Multi-Instance Technology...........................................................................................3-14
3.5.4 Smart Link and the Multi-Instance Technology..................................................................................3-15
3.5.5 Ethernet OAM......................................................................................................................................3-15
3.5.6 BFD......................................................................................................................................................3-15
3.5.7 LSP Protection Switchover..................................................................................................................3-16
3.5.8 High Availability at the Equipment Level...........................................................................................3-16
3.6 Security..........................................................................................................................................................3-19
3.6.1 Security for Devices.............................................................................................................................3-19
3.6.2 Security for Services............................................................................................................................3-20
3.7 Network Management Features....................................................................................................................3-22
3.7.1 LLDP....................................................................................................................................................3-22
3.7.2 NetStream.............................................................................................................................................3-22
3.8 Clock.............................................................................................................................................................3-24
3.9 PoE................................................................................................................................................................3-24
3.10 Enterprise Network Features.......................................................................................................................3-25
3.10.1 NAC...................................................................................................................................................3-25
3.10.2 Firewall...............................................................................................................................................3-26
3.10.3 NAT....................................................................................................................................................3-27
3.10.4 Load Balancing..................................................................................................................................3-27
3.11 MPLS..........................................................................................................................................................3-28
3.11.1 Basic MPLS Functions.......................................................................................................................3-28
3.11.2 MPLS TE............................................................................................................................................3-28
3.11.3 MPLS OAM.......................................................................................................................................3-29
3.11.4 VLL....................................................................................................................................................3-29
3.11.5 VPLS..................................................................................................................................................3-30
3.11.6 HVPLS...............................................................................................................................................3-30
3.11.7 MPLS L3VPN....................................................................................................................................3-31
4 Application Scenarios...............................................................................................................4-1
Contents
Product Description
vi Huawei Proprietary and Confidential
Issue 01 (2010-12-15)
4.1 Overview.........................................................................................................................................................4-2
4.2 Application of MPLS L2VPN.........................................................................................................................4-2
4.3 Application of HVPLS for Dual-homing Protection.......................................................................................4-4
4.3.1 UPE+NPE Network Architecture...........................................................................................................4-5
4.3.2 UPE+PE-AGG+NPE Network Architecture..........................................................................................4-5
4.4 Application of RRPP.......................................................................................................................................4-6
4.5 Application of Smart Link in Dual-Homing Networking...............................................................................4-8
4.6 Application of Ethernet OAM.........................................................................................................................4-9
4.7 Application of QoS........................................................................................................................................4-10
4.8 Application of Selective QinQ......................................................................................................................4-11
4.9 Application of the S9300 in IPTV Service....................................................................................................4-12
4.9.1 Networking of IPTV.............................................................................................................................4-12
4.9.2 Protection of IPTV Services.................................................................................................................4-13
4.10 Application of the S9300 in NAC Networking...........................................................................................4-14
4.11 Applications of the Firewall........................................................................................................................4-15
5 Operation and Maintenance....................................................................................................5-1
5.1 Maintenance and Management........................................................................................................................5-2
5.1.1 Configuration Modes..............................................................................................................................5-2
5.1.2 Management and Monitoring.................................................................................................................5-3
5.1.3 Diagnosis and Debugging......................................................................................................................5-3
5.1.4 In-Service Software Upgrade and Patching...........................................................................................5-5
5.2 NMS................................................................................................................................................................5-5
6 Technical Specification.............................................................................................................6-1
6.1 Physical Specifications....................................................................................................................................6-2
6.2 System Configuration......................................................................................................................................6-3
6.3 Performance and Capacity..............................................................................................................................6-4
6.4 List of Software Features................................................................................................................................6-8
Product Description Contents
vii
Figures
Figure 2-1 Appearance of the S9303....................................................................................................................2-2
Figure 2-2 Appearance of the back of the S9303.................................................................................................2-3
Figure 2-3 Component layout of the S9303.........................................................................................................2-3
Figure 2-10 Hardware structure of the S9303......................................................................................................2-9
Figure 2-11 Hardware structure of the S9306 and S9312....................................................................................2-9
Figure 3-1 Structure of the IPv4/IPv6 protocol stack...........................................................................................3-5
Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology............................................................ 3-6
Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel.............................................................................3-7
Figure 3-4 6PE topology...................................................................................................................................... 3-8
Figure 3-5 Networking diagram of the IP session................................................................................................3-8
Figure 3-6 Networking diagram of E-Trunk......................................................................................................3-18
Figure 3-7 Networking diagram of NetStream...................................................................................................3-23
Figure 3-8 Main components and networking of NAC......................................................................................3-26
Figure 4-1 S9300 application in the MAN...........................................................................................................4-2
Figure 4-2 Point-to-point VPN application (VLL)...............................................................................................4-3
Figure 4-3 Multipoint-to-multipoint VPN application (VPLS)........................................................................... 4-3
Figure 4-4 VPN services realized through the cooperation between the S9300 and CE.....................................4-4
Figure 4-5 S9300 Application of HVPLS with UPE+NPE network architecture................................................4-5
Figure 4-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture................................4-6
Figure 4-7 Application of intersectant RRPP rings..............................................................................................4-7
Figure 4-8 Application of Smart Link..................................................................................................................4-8
Figure 4-9 Application of Ethernet OAM on the MAN.......................................................................................4-9
Figure 4-10 S9300 application of QoS...............................................................................................................4-10
Figure 4-11 S9300 application of selective QinQ..............................................................................................4-11
Figure 4-12 S9300 application of IPTV.............................................................................................................4-12
Figure 4-13 S9300 protection for IPTV services...............................................................................................4-14
Figure 4-14 Application of the S9300 in the NAC networking.........................................................................4-15
Product Description Figures
ix
Figure 4-15 Networking diagram for applying the firewall to the enterprise intranet.......................................4-16
Figure 4-16 Networking diagram applying the firewall to the ISP network......................................................4-17
Figure 4-17 Networking diagram for applying the firewall to the data center...................................................4-18
Figures
Product Description
x Huawei Proprietary and Confidential
Issue 01 (2010-12-15)
Tables
Table 1-1 Table of interface density of the board and system..............................................................................1-3
Table 1-2 System specifications of the S9300......................................................................................................1-3
Table 1-3 Carrier-class reliability.........................................................................................................................1-6
Table 2-1 SRU....................................................................................................................................................2-10
Table 2-2 Ethernet LPUs....................................................................................................................................2-11
Table 2-3 FSUA..................................................................................................................................................2-15
Table 2-4 Stacking cards....................................................................................................................................2-15
Table 2-5 SPU card.............................................................................................................................................2-16
Table 6-1 Physical specifications of the S9300....................................................................................................6-2
Table 6-2 System configuration of the S9300......................................................................................................6-3
Table 6-3 Performance specifications of the S9300.............................................................................................6-4
Table 6-4 Software features list of the S9300...................................................................................................... 6-8
Product Description Tables
xi
1 Introduction
About This Chapter
This section describes the features of the S9300 and the position of the S9300 on the network.
1.1 Positioning
With the popularization of the IP network and the trend of triple play services, the Metropolitan
Area Network (MAN) is bearing more services, demanding higher requirements on the quality
of transmission. In view of such a demand, Huawei has developed the Quidway S9300 Terabit
Routing Switch (hereinafter referred to as the S9300), a high-end network device.
1.2 Product Characteristics
The S9300 provides high-density Ethernet interfaces. This section describes the the maximum
interface density on the LPU and in the entire system, forwarding capability, features and
reliability.
Product Description 1 Introduction
1-1
1.1 Positioning
With the popularization of the IP network and the trend of triple play services, the Metropolitan
Area Network (MAN) is bearing more services, demanding higher requirements on the quality
of transmission. In view of such a demand, Huawei has developed the Quidway S9300 Terabit
Routing Switch (hereinafter referred to as the S9300), a high-end network device.
The S9300 is mainly used to access, converge, and transmit services on the MAN. As the access
and convergence device on the MAN, the S9300 provides EPON, Fast Ethernet (FE), Gigabit
Ethernet (GE), and 10GE interfaces that transmit services at line speed.The S9300 can be applied
to enterprise networks and data centers, providing high-density interfaces and rich value-added
service (VAS) capabilities.
The S9300 provides three models: S9303, S9306, and S9312. The S9303 supports a maximum
of three LPUs; the S9306 supports a maximum of six LPUs; the S9312 supports a maximum of
12 Line Processing Units (LPUs). You can choose different models as required.
The S9300 operates on the Versatile Routing Platform (VRP) operating system developed by
Huawei and adopts the hardware-based forwarding and non-blocking data switching technology.
The S9300 features carrier-class reliability, line-speed forwarding capability, perfect Quality of
Service (QoS) mechanism, service processing capability, and good expansibility.The S9300
provides rich enterprise network features, including firewall, Network Address Translation
(NAT), network traffic analysis, IPSec VPN, and load balancing, meeting requirements of
various services on enterprise networks.
NOTE
The release of Russia does not provide the IPSec VPN.
In addition, the S9300 provides strong capabilities in network access, Layer 2 switching, and
transmission of Ethernet over MultiProtocol Label Switching (EoMPLS) services. The S9300
also supports rich IP services and provides broadband access, triple play, IP leased line, and
Virtual Private Network (VPN) services. The S9300 can also work in conjunction with the S
series switches, NE80E, NE40E, ME60, and MA5200G developed by Huawei to set up a
hierarchical metro Ethernet that provides rich services for customers.
1.2 Product Characteristics
The S9300 provides high-density Ethernet interfaces. This section describes the the maximum
interface density on the LPU and in the entire system, forwarding capability, features and
reliability.
High-Density Interfaces
Table 1-1 lists the types of interfaces on the boards with high interface density and describes
the interface density of the boards and in the entire system.
1 Introduction
Product Description
1-2 Huawei Proprietary and Confidential
Issue 01 (2010-12-15)
Table 1-1 Table of interface density of the board and system
Interface Type Interface Density
on the LPU
Interface Density of the System
10GE 48 S9312: 576
S9306: 288
S9303: 144
GE 48 S9312: 576
S9306: 288
S9303: 144
FE 48 S9312: 576
S9306: 288
S9303: 144

Flexible Extensibility
The system extensibility includes:
l Service extensibility: The SRU of the system supports the FSUA, which can meet the
requirements for service development in the future.
l Power supply: Currently, the maximum power supply of a power supply module is 1600
W, and 1+1 and 2+2 redundancy are supported. In the future, 4+4 redundancy will be
supported.
l cluster switch system (CSS): In a CSS, two switches are connected through dedicated
stacking cables to form a logical switch. To meet the forwarding requirement of the database
and ensure the network reliability, the CSS technology is used.
Powerful Forwarding Capability
On the S9300, the hardware completes two-level packet replication to forward multicast at wire
speed. That is, the SFU replicates multicast packets to the LPU, and the forwarding engine of
the LPU replicates the multicast packets to its interfaces.
Table 1-2 System specifications of the S9300
S9312 S9306 S9303
Switching
capacity
1 Tbit/s or 2 Tbit/s 1 Tbit/s or 2 Tbit/s 720 Gbit/s
Backplane
capacity
12Tbit/s 6Tbit/s 3Tbit/s
Forwarding
capacity
1320 Mpps 1080 Mpps 540 Mpps

1-3
Rich Features
l The S9300 provides rich Layer 2 service features, including the following:
VLAN
Generic Attribute Registration Protocol / Generic VLAN Registration Protocol (GARP/
GVRP)
Selective QinQ
RRPP
Smart Ethernet Protection (SEP)
Smart Link
STP, RSTP, and MSTP
Link aggregation
DHCP snooping
IGMP snooping
IPV6 ND snooping
MLDv1/v2 snooping
Ethernet OAM
l The S9300 provides various IP services, including:
IPv4 unicast routing protocols, including the Routing Information Protocol (RIP), Open
Shortest Path First (OSPFv2), Intermediate System-to-Intermediate System (IS-IS),
Border Gateway Protocol (BGP), and Multiprotocol Border Gateway Protocol (MBGP)
IPv6 unicast routing protocols, including RIPng, OSPFv3, ISISv6, and BGP+
Multicast routing protocols, including IGMP, MLD, Multicast Source Discovery
Protocol (MSDP), multicast VLAN, PIM-DM, PIM-SM, and PIM-SSM
VRRP
DHCP relay, DHCP server, and Option82
The S9300 supports distributed and integrated NetStream.
l The S9300 provides MPLS services.
MPLS forwarding
LDP
MPLS-TE
MPLS-OAM
l The S9300 provides perfect VPN services, including the following features:
VPLS
VLL
BGP/MPLS IP VPN
l The S9300 provides mobile services, including:
Stratum-3 clock
Ethernet clock synchronization
1588v2
l The S9300 provides rich intranet features, including:
1 Introduction
Product Description
Issue 01 (2010-12-15)
The S9300, which functions as the network access device (NAD), supports Web
authentication, 802.1x authentication, and MAC address authentication.
PoE
The S9300 provides service distribution, including:
l Firewall/NAT
l Load balancing
l IPSec VPN
NOTE
Excellent Security Design
The S9300 adopts a distributed structure, which guarantees the separation between the data plane
and the control plane. It provides a security performance leading in the industry.
The S9300 provides the following security features:
l Three user authentication modes: local authentication, Remote Authentication Dial in User
Service (RADIUS) authentication, and Huawei Terminal Access Controller Access Control
System (HWTACACS) authentication.
l Hardware-based packet filtering and sampling, which guarantees high performance and
high scalability
l Multiple authentication methods including plain text authentication and Message Digest 5
(MD5) for upper-layer routing protocols such as OSPF, IS-IS, RIP, and BGP-4
l ACL on the forwarding plane and control plane
l Anti-attack features: The S9300 provides the blacklist and CAR functions to limit the
packets to be sent to the CPU.
l Port security
l URPF
l DHCP snooping and DHCP snooping over VPLS
l MAC limit and MAC Forced Forwarding (MFF)
l IP source trail, ARP attack defense, ICMP attack defense,and broadcast traffic suppression
l Blacklist and attack trace: The S9300 filters out the traffic of users on the blacklist and
displays the physical interfaces and VLAN IDs of the attackers.
l Whitelist: The S9300 provides a high-priority channel for the protocol packets transmitted
to the CPU.
Carrier-Class Reliability
The S9300 provides a powerful monitoring system. The S9300 manages and maintains the entire
system by using the individual monitoring unit. The monitoring unit manages, monitors, and
maintains the boards, fans, and power modules.
The S9300 complies with Electro Magnetic Compatibility (EMC). The modular design of the
S9300 implements EMC isolation between boards.
The S9300 meets the requirements for the high reliability of carrier-class and high-end devices.
The S9300 provides the following features shown in Table 1-3 to ensure high reliability.
1-5
Table 1-3 Carrier-class reliability
Item Description
System
protection
mechanism
The boards, power modules, and fans are hot swappable.
The monitoring unit is totally separated from the service system.
The system can operate normally for 96 hours when a single fan fails.
The MPUs work in 1+1 backup mode.
The power modules work in 1+1 or 2+2 backup mode.
Key components such as the clocks and management buses work in backup
mode.
Protection
against
abnormalities
The system can restart automatically and be recovered
when abnormalities occur.
The system resets a board when abnormalities occur on
the board and resumes the work.
The system automatically restores the interface
configuration.
The system provides protections against over-current and over-voltage for
power modules and interfaces.
The system provides protection against mis-insertion of boards.
Power alarm
monitoring
The system provides alarm prompt, alarm indication,
running status query, and alarm status query.
Voltage and
environment
temperature
monitoring
The system provides alarm prompt, alarm indication,
running status query, and alarm status query.
Reliability
design
The system adopts distributed hardware-based forwarding.
The control channel is separated from the service channel to provide a non-
blocking control channel.
The system provides fault detection for the system and boards and alarm
function for indicators, and the NMS.
Reliable
upgrade
The system supports in-service patching.
The system supports version rollback.
The system supports online upgrade of the BootROM.
The system supports the Error Checking and Correction (ECC) Random
Access Memory (RAM).
1 Introduction
Product Description
Issue 01 (2010-12-15)
Item Description
Fault
tolerance
design
Data backup The system supports hot backup of the data between the
active and standby units. When the active unit fails, the
standby unit automatically takes over the active unit for
data transmission. This prevents data loss.
Synchronizatio
n configuration
The system supports the synchronization between the
MPUs and LPUs.
The system can automatically select and boot correct applications.
The system supports the automatic upgrade and restoration of the BootROM
program.
The system can back up configuration files to the remote FTP server.
The system can automatically select and run correct configuration files.
The system provides abnormality monitoring for the system software,
automatic restoration, and log record.
Operation
security
The system provides password protection for system operations.
The system provides hierarchical protection for commands through the
configuration of login user levels and command levels.
The system can lock the terminal through commands to prevent illegal use.
The system provides operation and confirmation prompts for some
commands that may degrade the system performance.
Operation
and
maintenance
center
The system adopts the generic integrated Network Management System
platform developed by Huawei.

Good Maintainability
The S9300 provides the following maintenance features:
l The S9300 supports Ethernet OAM, providing point-to-point Ethernet fault management
to detect faults in the first mile of the directly connected link on the user side of the Ethernet.
The S9300 supports automatic neighbor discovery, link fault monitoring, remote fault
notification, and remote loopback configuration defined in IEEE 802.3ah, and Connectivity
Check (CC) fault detection, MAC Ping, and MAC Trace defined in IEEE 802.1ag.
l The S9300 supports MPLS OAM, providing fault detection and location techniques such
as Ping and TraceRoute on the MPLS network.
l The S9300 supports 802.1ag, 802.3ah, association between the status of BFD sessions, and
end-to-end OAM.
l The S9300 supports traffic statistics based on physical interfaces, VLAN IDs, MPLS LSPs,
and ACLs.
1-7
l Through the U2000, you can operate the S9300 for: Device managementInterface
managementVLAN managementMulticast managementMPLS managementSoftware
upgrading managementConfiguration file management(item list)
l The S9300 supports different configuration methods such as end-to-end configuration,
batch configuration, and configuration wizard. At the same time, it provides corresponding
default configuration templates.
l The S9300 supports remote maintenance. The S9300 supports remote maintenance through
Telnet.
l The S9300 supports in-service upgrade. When the system is operating normally, it can be
upgraded through FTP or TFTP. In addition, with the active/standby switchover function,
services are not interrupted during the upgrade.
l The S9300 supports hot patch. It can upgrade only the features that need to be optimized.
Services are not interrupted during a patch is installed. It also supports deletion and
confirmation during a patch is installed.
l It supports rollback of versions. When the in-service upgrade of the system software or that
of a patch fails, the S9300 can return to the version before the upgrade.
1 Introduction
Product Description
Issue 01 (2010-12-15)
2 Architecture
About This Chapter
This section describes the appearance, hardware structure and software architecture of the S9300
2.1 System Structure
This section describes the appearance and component layout of the S9300.
2.2 Hardware Structure
This section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU and
clock board of the S9300.
2.3 Software Architecture
This section describes the relationship between the operating system and software features of
S9300.
Product Description 2 Architecture
2-1
2.1 System Structure
This section describes the appearance and component layout of the S9300.
The S9300 adopts a distributed hardware architecture.
The S9300 consists of the following components:
l Chassis
l Backplane
l Power module
l Fan frame
l Switch Routing Unit (SRU) or Main Control Unit (MCU)
l Line Processing Unit (LPU)
l Central Management Unit (CMU)
The S9300 can be installed in either the 297 cabinet specified by the International
Electrotechnical Commission (IEC) or the cabinet specified by the European
Telecommunications Standards Institute (ETSI).
NOTE
l The SRU and CMU are applicable only to the S9312 and S9306.
l The MCU is applicable only to the S9303.
2.1.1 System Structure of the S9303
Appearance of the S9303
Figure 2-1 shows the appearance of the S9303.
Figure 2-1 Appearance of the S9303
1. Ack-mounting ear 2. Power module 3. MCU
2 Architecture
Product Description
Issue 01 (2010-12-15)
4. LPU 5. PoE module 6. Cabling rack

Figure 2-2 shows the appearance of the back of the S9303.
Figure 2-2 Appearance of the back of the S9303
1. Air filter 2. Fan module

The dimensions of the S9303 are 442 mm x 476 mm x 175 mm (width x depth x height).
Facing the chassis, the LPUs, MCUs, and power modules are mounted from top to bottom.
Ventilation and heat dissipation of the S9303 are performed from the back of the chassis. The
handles reside on both sides of the chassis.
Component Layout of the S9303
Figure 2-3 shows the component layout of the S9303.
Figure 2-3 Component layout of the S9303
MCU
LPU
LPU
LPU
MCU
PoE Power module Power module
l All components of the S9303 are located on the front panel for maintenance. There are
totally five slots for horizontally inserted boards in the board cage. The two half-height
slots in the lower half of the chassis are reserved for the MCUs that support 1+1 backup
mode. The other three slots are reserved for the LPUs.
l The fan frame and air filter of the S9303 are located at the back of the chassis.
l Located at the bottom of the chassis, the power modules work in 1+1 backup mode and
support double power supply networks for power input. The power modules can be either
AC power modules or DC power modules.
2-3
l The power modules support PoE. The PoE function supports only the AC power supply
and does not support the backup of power modules.
1. LPU 2. SRU 3. Ack-mounting ear
4. Cabling rack 5. PoE module 6. CMU
7. Power module

2 Architecture
Product Description
Issue 01 (2010-12-15)

The dimensions of the S9306 are 442 mm x 476 mm x 441.7mm (width x depth x height).
Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom.
handles reside on both sides of the chassis.
SRU
LPU
LPU
SRU
LPU
LPU
LPU
C
M
U
C
M
U
P
o
w
e
r
m
o
d
u
l
e
P
O
E
P
o
w
e
r
m
o
d
u
l
e
P
o
w
e
r
m
o
d
u
l
e
P
o
w
e
r
m
o
d
u
l
e
P
O
E
LPU
P
O
E
P
O
E
2-5
l The board cage of the S9306 provides a total of eight slots for horizontally inserted boards.
The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. The
other six slots are reserved for the LPUs.
l Located at the bottom of the chassis, the power modules support double power supply
networks for power input. The power modules can be either AC power modules or DC
power modules. The DC power modules can work in 1+1 mode. The AC power modules
can work in 1+1 or 2+2 mode.
l Located at the bottom of the chassis, the CMUs work in 1:1 backup mode.
l The power modules support Power over Ethernet (PoE). The PoE function supports only
the AC power supply. Four AC power modules work in 3+1, 2+2, or 4+0 (not backup)
mode..
1. LPU 2. SRU 3. Ack-mounting ear
4.Cabling rack 5. PoE module 6. CMU
7. Power module

2 Architecture
Product Description
Issue 01 (2010-12-15)

The dimensions of the S9312 are 442 mm x 476 mm x 663.95 mm (width x depth x height).
Facing the chassis, the LPUs, SRUs, CMUs, and power modules are mounted from top to bottom.
handles are on both sides of the chassis.
2-7
SRU
LPU
LPU
SRU
LPU
LPU
LPU
LPU
LPU
LPU
LPU
LPU
LPU
LPU
C
M
U
C
M
U
P
o
w
e
r
m
o
d
u
l
e
P
o
w
e
r
m
o
d
u
l
e
P
o
w
e
r
m
o
d
u
l
e
P
o
w
e
r
m
o
d
u
l
e
P
O
E
P
O
E
P
O
E
P
O
E

l The board cage of the S9312 provides a total of 14 slots for horizontally inserted boards.
The two slots in the middle are reserved for the SRUs that support 1+1 backup mode. The
other 12 slots are reserved for the LPUs.
l Located at the bottom of the chassis, the power modules support double power supply
networks for power input. The power modules can be either AC power modules or DC
power modules. The DC power modules can work in 1+1 mode. The AC power modules
can work in 1+1 or 2+2 mode.
l The power modules support PoE. The PoE function supports only the AC power supply.
Four AC power modules work in 3+1, 2+2, or 4+0 (not backup) mode..
l Located at the bottom of the chassis, the CMUs work in 1+1 backup mode.
2.2 Hardware Structure
This section describes the hardware structure, backplane, MCU, SRU, LPU, CMU , FSU and
clock board of the S9300.
Figure 2-10 shows the hardware structure of the S9303.
2 Architecture
Product Description
Issue 01 (2010-12-15)
Figure 2-10 Hardware structure of the S9303
High
speed
Serdes
backplane
Material
interface
module
Service
processing
module
Main control
module
Monitoring
module
Clock
module
LPU
System
clock
module
Control plane communication module
Service layer software
NMS
Management
layer software
Control layer
software
System monitoring module
MCU

Figure 2-11 shows the hardware structure of the S9306 and S9312.
Figure 2-11 Hardware structure of the S9306 and S9312
High
speed
Serdes
backplane
Material
interface
module
Service
processing
module
Main control
module
Monitoring
module
Clock
module
LPU
Switching
network
module
System
clock
module
Service layer software
NMS
Management
layer software
Control layer
software
System monitoring module
SRU

2-9
2.2.1 Backplane
2.2.2 SRU
2.2.3 MCU
2.2.4 CMU
2.2.5 LPU
2.2.6 FSU
2.2.7 VSU
2.2.8 SPU
2.2.1 Backplane
The S9300 is designed with a passive backplane. The backplane provides control buses,
management buses, and clock buses between the SRU,MCU and other components for
communication.
The backplane of an S9300 provides two slots for the main process unit. In addition, the
backplane of an S9303 provides 3 LPU slots, the backplane of an S9306 provides 6 LPU slots,
and the backplane of an S9312 provides 12 LPU slots.
2.2.2 SRU
The SRU is applicable only to the S9306 and S9312. The SRU integrates multiple functional
modules such as the data switching module, main control module, FSUA, Compact Flash (CF)
module, and system monitoring module. The SRU can be expanded to provide the clock module.
As the core of system control and management and data switching, the SRU switches data, and
controls and monitors the system.
The main control units of the SRU work in 1+1 backup mode. The data switching units can work
in either 1+1 load balancing mode or 1:1 backup mode.
The SRU of the S9300 performs the following functions:
l Forwards data on the data plane.
l Processes protocols including STP, MPLS, and various routing protocols.
l Monitors components.
l Manages the system and monitors system performance according to the user's instruction,
and provides feedback on the running status of the system for users.
Table 2-1 SRU
Name Note
SRUA Provides 1 Tbit/s service switching capability.
SRUB Provides 2 Tbit/s service switching capability.

2 Architecture
Product Description
Issue 01 (2010-12-15)
2.2.3 MCU
The MCU is applicable only to the S9303. The MCU integrates the main control module, CF
module, system monitoring module and clock module.
The MCU of the S9300 performs the following functions:
l Processes protocols including STP, MPLS, and various routing protocols.
l Monitors components, collects running data of each component periodically, and generates
control information based on the running status of the components, for example, checking
whether the boards are available and controlling the running of the switching fabric.
l Manages the system and monitors system performance according to the user's instruction,
and provides feedback on the running status of the system for users.
2.2.4 CMU
The CMU monitors and manages the follow devices:
l power modules
l fan modules
l PoE modules
These help monitor and manage the system and facilitates energy saving and emission reduction.
2.2.5 LPU
The LPUs are used to process packets and they provide service interfaces. Table 2-2 lists the
LPUs supported by the S9300.
Table 2-2 Ethernet LPUs
Name Short
Name
Remarks
48-port 100M Ethernet optical LPU
(EA, SFP) -32K MAC
F48SA It supports the following functions:
l MPLS
l Netstream
l IPv6
(EC, SFP)-128K MAC
F48SC It supports the following functions:
l MPLS
l Netstream
l IPv6
48-port 100M Ethernet electrical LPU
(EA, RJ45)-32K MAC
F48TA It supports the following functions:
l MPLS
l Netstream
l IPv6
2-11
Name Short
Name
Remarks
(EC, RJ45)-128K MAC
F48TC It supports the following functions:
l MPLS
l Netstream
l IPv6
(FA, RJ45)-32K MAC
F48TFA It supports the following functions:
l MPLS
l Netstream
l IPv6
48-port 100M/1000M Ethernet optical
LPU (EA, SFP)-32K MAC
G48SA It supports the following functions:
l MPLS
l Netstream
l IPv6
LPU (EC, SFP)-128K MAC
G48SC It supports the following functions:
l MPLS
l Netstream
l IPv6
LPU (ED, SFP)-512K MAC
G48SD It supports the following functions:
l MPLS
l Netstream
l IPv6
(FA, SFP)-32K MAC
G48SFA It supports the following functions:
l MPLS
l Netstream
l IPv6
48-port 100M/1000M Ethernet
electrical LPU (EA, RJ45)-32K MAC
G48TA It supports the following functions:
l MPLS
l Netstream
l IPv6
electrical LPU (EC, RJ45)-128K
MAC
G48TC It supports the following functions:
l MPLS
l Netstream
l IPv6
2 Architecture
Product Description
Issue 01 (2010-12-15)
Name Short
Name
Remarks
electrical LPU (ED, RJ45)-512K
MAC
G48TD It supports the following functions:
l MPLS
l Netstream
l IPv6
48-Port 1000M Ethernet electrical
LPU (FA,RJ45)-32K MAC
G48TFA It supports the following functions:
l MPLS
l Netstream
l IPv6
12-Port 100M/1000M Optical
interface + 36-Port 100M/1000M
electrical LPU (EA, RJ45/SFP)-32K
MAC
G48CEAT It supports the following functions:
l MPLS
l Netstream
l IPv6
48-port 100M/1000M Ethernet PoE
electrical LPU (EA, RJ45, POE) -32K
MAC
G48VA It supports the following functions:
l MPLS
l Netstream
l IPv6
4-port 10GE optical LPU (EA, XFP)
-32K MAC
X4UXA It supports the following functions:
l MPLS
l Netstream
l IPv6
4-port 10GE optical LPU (EC, XFP)
-128K MAC
X4UXC It supports the following functions:
l MPLS
l Netstream
l IPv6
4-port 10GE optical LPU (ED, XFP)
-512K MAC
X4UXD It supports the following functions:
l MPLS
l Netstream
l IPv6
2-port 10GE optical LPU (EA, XFP)
-32K MAC
X2UXA It supports the following functions:
l MPLS
l Netstream
l IPv6
2-13
Name Short
Name
Remarks
2-port 10GE optical LPU (EC, XFP)
-128K MAC
X2UXC It supports the following functions:
l MPLS
l Netstream
l IPv6
+ 8-port 100M/1000M Combo
electrical LPU (EA, SFP/RJ45, 1588)
-32K MAC
G24CEAS It supports the following functions:
l MPLS
l Netstream
l IPv6
LPU (SA, SFP) -32K MAC
G24SA -
LPU (EC, SFP) -128K MAC
G24SC It supports the following functions:
l MPLS
l Netstream
l IPv6
LPU (ED, SFP) -512K MAC
G24SD It supports the following functions:
l MPLS
l Netstream
l IPv6
+ Combo electrical LPU (SA, SFP/
RJ45) -32K MAC
G24CA -
12-port 10GE optical LPU (SA, SFP
+) -32K MAC
X12SA -
electrical and 2-port GE optical LPU
(EA, RJ45/XFP) -32K MAC
T24XA It supports the following functions:
l MPLS
l Netstream
l IPv6
and 2-port GE optical LPU (EA, SFP/
XFP) -32K MAC
S24XA It supports the following functions:
l MPLS
l Netstream
l IPv6
12-port 1000M EPON optical and 12-
port 100M/1000M Ethernet optical
LPU (SFP)
E12GA -

2 Architecture
Product Description
Issue 01 (2010-12-15)
NOTE
The Small Form-Factor Pluggable (SFP), SFP+, and XFP are pluggable optical modules.
The LPUs of the S9300 are classified into S-series boards, E-series boards, F-series boards and EPON
board.
l The S-series boards include SA boards. For example, 24-port 100M/1000M Ethernet optical LPU
(SA, SFP)-32K MAC
l The E-series boards include EA boards, EC boards, and ED boards. For example, 48-port 100M
Ethernet optical LPU (EA, SFP) -32K MAC.
l F-series boards include FA boards. For example, 48-port 1000M Ethernet electrical LPU (FA,
RJ45)-32K MAC.
l The EPON board is 12-port 1000M EPON optical and 12-port 100M/1000M Ethernet optical LPU
(SFP).
2.2.6 FSU
The Flexible Service Unit A (FSUA) of S9306 and S9312 supports the following functions:
l Hardware-based Ethernet OAM
l Hardware-based MPLS OAM
l Hardware-based Bidirectional Forwarding Detection (BFD)
l Dos attack protection of the Central Processing Unit (CPU) of the SRU
NOTE
Software-based Ethernet OAM, MPLS OAM, BFD and NQA functions are available in other LPUs.
FSUA is an optional subcard on the SRU of the S9312 and S9306. Users can choose to install
the FSUA according to the service requirement.
Table 2-3 FSUA
Name Description
20 Gbit/s FSUA Provides 20 Gbit/s service switching capability.

2.2.7 VSU
The Virtual Switch Unit (VSU) is used to connect multiple devices to form a stack.
On the S9312 and S9306, the VSTSA is used as the VSU, which is installed on the SRU. You
can configure the VSTSA according to service requirements. For the VSTSA, "VS" represents
the virtual switch, "T" represents the electrical interface, "S" represents the standard series, and
"A" represents the version.
NOTE
The S9303 does not support stacking.
Table 2-4 Stacking cards
Name Description
VSTSA It provides the stacking function.
2-15

2.2.8 SPU
The SPU has no service interfaces.
The SPU is called Value Added service Multi-core Processor (VAMPA), where "A" represents
the version. It supports the following functions:
l Firewall
l NAT
l Integrated NetStream
l Load balancing
l IPSec VPN
NOTE
Table 2-5 SPU card
Name Description
VAMPA It processes VASs.

2.3 Software Architecture
This section describes the relationship between the operating system and software features of
S9300.
The S9300 runs on the latest VRP version 5 (VRPv5) to provide software features. VRPv5
consists of the following parts:
l System service plane
It provides the following functions based on the operating system:
Task management
Memory management
Timer
Software loading and patching
This enhances the modular technology to facilitate system upgrade and customization.
l General control plane
It is the core of the VRP data communication platform. It functions as the basis of security
and QoS, and provides the following functions:
Link management
IP protocol stack
Routing protocol processing
It is used to control the data forwarding plane and carry out various functions of the device.
2 Architecture
Product Description
Issue 01 (2010-12-15)
l Data forwarding plane
It forwards data under the control of the general control plane to carry out data transmission.
VRPv5 supports data forwarding based on software and hardware.
l Service control plane
It controls and manages the system based on users or interfaces. It implements the
authentication, authorization, and accounting for users through the DHCP Option 82 field.
It also implements authentication for access interfaces through IEEE 802.1x.
l System management plane
It provides user interfaces and manages input/output ports. It is the basis of network
management and maintenance.
2-17
3 Service Features
About This Chapter
This section describes the major service functions of the S9300, including IP features,MPLS,
MPLS L2VPN, MPLS L3VPN, QoS, Ethernet, Ethernet OAM, NAC, multicast, reliability,
LLDP, security, clock , stacking, Web network management, firewall/NAT, load balancing,
IPSec VPN, and NetStream.
NOTE
3.1 Ethernet
This section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel.
3.2 IP Features
This section describes the IP features supported by the S9300.
3.3 Multicast
This section describes the basics of IGMP snooping, multicast flow control, controllable
multicast, multicast VLAN, and multicast replication.
3.4 QoS
This section describes the basics of QoS supported by the S9300.
3.5 Reliability
This section describes the basics of link aggregation, BFD, and HA at the equipment level.
3.6 Security
This section describes the security measures for devices and services.
3.7 Network Management Features
The S9300 provides network management functions of LLDP and NetStream.
3.8 Clock
This section describes the clock synchronization and calibration mechanisms supported by the
S9300.
3.9 PoE
On Intranets, PoE can be used to provide centralized power for terminals such as IP phones,
Access Points (APs), chargers of portable devices, POS machines, cameras, and data collection
devices through the 10Base-T, 100Base-TX, or 1000Base-T Ethernet.
Product Description 3 Service Features
3-1
3.10 Enterprise Network Features
The S9300 provides NAC, firewall, NAT, and load balancing for enterprise networks.
3.11 MPLS
This section describes the basics of MPLS, MPLS TE, and MPLS OAM.
3 Service Features
Product Description
Issue 01 (2010-12-15)
3.1 Ethernet
This section describes the basics of VLAN mapping, QinQ, selective QinQ, and BPDU tunnel.
3.1.1 VLAN Aggregation
3.1.2 VLAN Mapping
3.1.3 Selective QinQ
3.1.4 BPDU Tunnel
3.1.1 VLAN Aggregation
Network technologies develop fast, so network addresses are insufficient. To save IP addresses,
VLAN aggregation is used.
In VLAN aggregation, a super VLAN is associated with multiple sub-VLANs. A super VLAN
cannot contain physical interfaces, but can be configured with a VLANIF interface. A sub-
VLAN can contain physical interfaces, but cannot be configured with a VLANIF interface.
Interfaces in all the sub-VLANs use the VLANIF interface address of the super VLAN. The
subnet IDs, subnet gateway addresses, and subnet broadcast addresses can be saved. In addition,
different broadcast domains use the addresses of the same subnet; therefore, addressing is
flexible and IP addresses are saved. In addition to keeping each sub-VLAN as an independent
broadcast domain, VLAN aggregation uses less IP addresses than a common VLAN.
3.1.2 VLAN Mapping
VLAN mapping refers to the setting up of a mapping table on the S9300 to realize the mapping
between the Customer VLAN (C-VLAN) and the Service VLAN (S-VLAN). One or multiple
C-VLAN IDs can be mapped to a S-VLAN ID.
NOTE
l A C-VLAN is the VLAN of the port at the user side. It is of local significance and used to identify a
user or a class of users.
l The S-VLAN is designated by the ISP at the network side. It takes effect globally and identifies a type
of service.
The S9300 supports VLAN mapping of a single VLAN tag in the following mode if the interface
at the user side is specified:
l 1:1 VLAN mapping
Maps a C-VLAN tag to the S-VLAN tag.
l N:1 VLAN mapping
Maps multiple C-VLAN tags to the S-VLAN tagor adds a VLAN tag.
l N:1 mapping
Maps multiple C-VLAN tags to the same S-VLAN tag or adds a VLAN tag.
The S9300 also supports VLAN mapping between double VLAN tags.
l 2:2 VLAN mapping
3-3
The S9300 can map the double VLAN tags of packets from the user side to the double
VLAN tags of packets from the network side. The S9300 can also switch the outer and
inner VLAN tags of a packet.
l 2:1 VLAN mapping
The S9300 maps the user-side VLAN tags to the network-side VLAN tags. It can also
change the outer VLAN tag but keep the inner VLAN tag unchanged.
In addition, the S9300 supports the CoS-based VLAN mapping. It can map multiple C-VLAN
tags to the same S-VLAN tag according to the CoS or add a VLAN tag to a packet.
For details about VLAN Mapping, see VLAN in the Quidway S9300 Terabit Routing Switch
Feature Description - Ethernet.
3.1.3 Selective QinQ
The S9300 supports the selective QinQ technique. Selective QinQ expands the space of VLAN
tags. It enables the S9300 to flexibly select outer S-VLAN tag based on the C-VLAN tag of the
received packets. In this case, various user services can travel along different paths. This
facilitates deployment of services. The selective QinQ feature can be applied to the incoming
and the outgoing interfaces. This makes the networking more flexible.
The S9300 supports the selective QinQ feature in the following ways:
l On the port, the S9300 adds a different outer S-VLAN tag based on the VLAN ID of the
C-VLAN tag of the packets.
l On the port, the S9300 changes an inner VLAN tag based on the VLAN ID of the C-VLAN
tag of the packets. The S9300 then adds a different outer S-VLAN tag.
The port enabled with QinQ learns the MAC address based on the outer VLAN tag of packets,
and forwards the upstream packets and downstream packets based on the destination MAC
address of packets.
The S9300 provides powerful hardware, which implements selective QinQ through traffic
classification based on ACLs. In this case, the S9300 can flexibly add S-VLAN tags or modify
C-VLAN tags.
For details about slective QinQ, refer to the QinQ in Quidway S9300 Terabit Routing Switch
Feature Description - Ethernet.
3.1.4 BPDU Tunnel
Bridge Protocol Data Unit(BPDU) tunnel is a Layer 2 tunnel technology. With BPDU tunnel
enabled, the BPDUs are transparently transmitted from the customer network through the VLAN
VPN specified by the ISP network. In this way, all devices in the customer network can calculate
the spanning tree. The customer network and ISP network have spanning trees that are
independent of each other. Thus the convergence speed is improved.
With BPDU tunnel enabled, the S9300 considers the tagged BPDUs as ordinary frames. Thus,
the BPDUs are forwarded within the specified VLAN; or the BPDUs are encapsulated to be
MPLS packets and then forwarded within the MPLS network without being dealt with as the
BPDUs.
3.2 IP Features
This section describes the IP features supported by the S9300.
3 Service Features
Product Description
Issue 01 (2010-12-15)
NOTE
To implement IPv6 functions, apply for and purchase the license from Huawei local office.
3.2.1 IPv4/IPv6 Protocol Stack
3.2.2 IPv4 Features
3.2.3 IPv6 Features
3.2.4 IPv4/IPv6 Transition Technologies
3.2.5 IP Session
This section describes the IP session feature supported by the S9300.
3.2.1 IPv4/IPv6 Protocol Stack
The IPv4/IPv6 protocol stack features good interworking and simplicity. Figure 3-1 shows the
structure of the IPv4/IPv6 protocol stack.
Figure 3-1 Structure of the IPv4/IPv6 protocol stack
IPv4/IPv6 Application
TCP UDP
Link Layer
IPv4 IPv6

3.2.2 IPv4 Features
The S9300 supports the following IPv4 features:
l TCP/IP protocol stack, including ICMP, IP, TCP, UDP, socket (TCP/UDP/Raw IP), and
ARP
l Static DNS and specified DNS server
l FTP server/client and TFTP client
l DHCP relay agent and DHCP server
l Ping, tracert, and NQA: NQA can detect the status of ICMP, TCP, UDP, DHCP, FTP,
HTTP and SNMP services and test the response time of various services.
NOTE
To implement NQA functions, apply for and purchase the license from Huawei local office.
l IP policy-based routing: specifies the next hop based on the attribute of packets without
searching the routing table for the routes.
For details about IPv4refer to the IPv4 Feature Description in Quidway S9300 Terabit Routing
Switch Feature Description - IP Service.
3-5
3.2.3 IPv6 Features
The S9300 supports the following IPv6 features:
l IPv6 Neighbor Discovery (ND)
l Path MTU Discovery (PMTU)
l TCP6, ping IPv6, tracert IPv6, socket IPv6, UDP6 and RawIP6
l TFTP IPv6 Client
l IPv6 policy-based routing
l DHCPv6 snooping and MLDv1/v2 snooping
l Neighbor Discovery (ND) snooping
For details about IPv6, refer to the IPv6 in Quidway S9300 Terabit Routing Switch Feature
Description - IP Service.
3.2.4 IPv4/IPv6 Transition Technologies
IPv6 over IPv4 Tunnel
As shown in Figure 3-2, the IPv6 over IPv4 tunnel technology is used for the transition from
the IPv4 network to the IPv6 network.
Figure 3-2 Schematic diagram of the IPv6 over IPv4 tunnel technology
IPv4 Header
IPv6
network
IPv6
network
IPv4 network
Dual Stack
Device
Dual Stack
Device
IPv6 host
IPv6 host
IPv6 Header IPv6 Data

The S9300 supports the following IPv6 over IPv4 tunnels:
l IPv6 manual tunnel
The IPv6 manual tunnel is created manually on the routers on the two ends of a tunnel. The
source and destination IPv4 addresses need to be statically configured. The tunnel is a
permanent link that connects two IPv6 domains through an IPv4 backbone network. It is a
fixed channel for two edge routers to communicate with each other and can be used by the
isolated IPv6 sites to communicate with each other.
l 6to4 tunnel
The 6to4 tunnel can connect multiple IPv6 isolated sites to the IPv6 network through the
IPv4 network.
3 Service Features
Product Description
Issue 01 (2010-12-15)
Compared with the manual tunnel, the 6to4 tunnel can be a P2MP connection. The manual
tunnel, however, is a P2P connection. The routers where the 6to4 tunnel is set up are not
configured in pairs. Similar to the routers on an automatic tunnel, a router on the 6to4 tunnel
can search for the other end of the tunnel; however, you do not need to specify the IPv4-
compatible IPv6 address for the 6to4 tunnel. The 6to4 tunnel uses a special IPv6 address,
that is, 6to4 address.
During the later stage of the transition from the IPv4 network to the IPv6 network, a large number
of IPv6 networks are deployed; therefore, there may be IPv4 isolated sites. The cost spent on
connecting these isolated sites through dedicated lines is very high. You can create a tunnel on
the IPv6 network to connect IPv4 isolated sites. This is similar to deploying the VPN on the IP
network through the tunnel technology. The tunnel that is used to connect IPv4 isolated sites on
the IPv6 network is called an IPv4 over IPv6 tunnel.
To set up IPv4 over IPv6 tunnels, the IPv4/IPv6 dual stack needs to be enabled on the routers
at the edge of the IPv6 network and the IPv4 network.
Figure 3-3 Networking diagram of the IPv4 over IPv6 tunnel
IPv4 Payload
IPv4 Header
IPv4
network
IPv4
network
IPv6 network
Dual Stack
Router
Dual Stack
Router
IPv4 host IPv4 host
IPv4 Header
IPv6 Header
IPv4 Payload
IPv4 Header
IPv6 Payload

6PE
The IPv6 Provider Edge (6PE) router allows the communication between the IPv6 isolated CE
routers over the IPv4 network. Figure 3-4 shows the networking diagram of 6PE topology. The
ISP can use the IPv4 backbone network to provide services for the IPv6 networks where users
are distributed dispersedly.
3-7
Figure 3-4 6PE topology
IPv4/MPSL Cloud
IBGP
P
CE
CE
IPv6 Cloud
Customer site
IPv6 Cloud
Customer site

The 6PE router labels IPv6 routing information and floods the information onto the ISP's IPv4
backbone network through Internal Border Gateway Protocol (IBGP) sessions. The IPv6 packets
are labeled before entering the tunnels on the backbone network. The tunnels can be MPLS
LSPs.
The IGP protocol used on the ISP network can be OSPF or IS-IS, and the protocol used between
CE routers and 6PE routers can be a static routing protocol, an IGP, or EBGP.
If the IPSs want to use the IPv4/MPLS networks to exchange IPv6 traffic, they can just update
the PE router. Therefore, using the 6PE feature as an IPv6 transition mechanism is a cost-
effective solution for ISPs.
3.2.5 IP Session
This section describes the IP session feature supported by the S9300.
As shown in Figure 3-5, Switch represents the S9300.
Figure 3-5 Networking diagram of the IP session
DHCP Server
AAA Server
Internet
Switch DSLAM

The S9300 can terminate and authenticate IP sessions and assign IP addresses to IP sessions.
The STB or VOIP terminal of a family sends a DHCP Request message. Then the S9300 directly
assigns an IP address to the terminal or relays the message to the DHCP server requesting an IP
address. Before assigning an IP address, the S9300 sends the VLAN (QinQ) information or
3 Service Features
Product Description
Issue 01 (2010-12-15)
DHCP Relay Agent information to the AAA server for authenticating the terminal. If the
authentication is successful, the S9300 assigns an IP address to the terminal.
The S9300 can perform scheduling on the services of different types or encapsulate service
traffic into different VPNs, thus separating services.
3.3 Multicast
This section describes the basics of IGMP snooping, multicast flow control, controllable
multicast, multicast VLAN, and multicast replication.
The S9300 supports rich multicast features including IGMP snooping, IGMP proxy, static
multicast, multicast across VLANs, and multicast replication. The S9300 also provides strong
multicast duplication capacity and the deployment of multicast services on the VPLS network.
3.3.1 Multicast Routing Protocol
3.3.2 IGMP Snooping
3.3.3 Static Multicast
3.3.4 Multicast VLAN and Multicast Replication
3.3.1 Multicast Routing Protocol
The S9300 supports the following multicast routing protocols:
l Internet Group Management Protocol (IGMP), Protocol Independent Multicast-Dense
Mode (PIM-DM), Protocol Independent Multicast-Sparse Mode (PIM-SM), Multicast
Source Discovery Protocol (MSDP), and Multi-protocol Border Gateway Protocol
(MBGP).
l PIM-SSM: When a multicast source is specified, a host can directly join the multicast
source, without registering with the Rendezvous Point (RP).
l Anycast RP: Multiple RPs can exist in a domain and they are configured as MSDP peers.
A multicast source can register with the nearest RP, and the receiver can also choose the
nearest RP and join the shared tree of the RP. When an RP expires, the multicast source
and receiver registered on this RP choose another near RP to register and join. Thus loads
are shared on the RPs.
l IPv6 multicast routing protocols: PIM-IPv6-DM, PIM-IPv6-SM, and PIM-IPv6-SSM.
l Multicast Listener Discovery (MLD): MLD is used to set up and maintain the member
relationship of groups between hosts and their directly connected multicast routers. The
functions and implementation of MLD are the same as those of the IGMP. MLD has the
follow versions:
MLDv1
MLDv1 is defined in RFC 2710 and derived from IGMPv2. MLDv1 supports the Any-
Source Multicast (ASM) model. With the help of SSM mapping, MLDv1 can support
the Source-Specific Multicast (SSM) model.
MLDv2
MLDv2 is defined in RFC 3810 and derived from IGMPv3. MLDv2 supports the ASM
and SSM models.
3-9
When the multicast routing module receives, imports, and advertises multicast routes, the
S9300 can filter the routes based on routing policies. When forwarding IP multicast packets, the
S9300 can filter and forward the packets based on policies.
For details about Link Aggregation, refer to the Quidway S9300 Terabit Routing Switch Feature
Description - Multicast.
3.3.2 IGMP Snooping
Located between the host and the multicast router, the S9300 can statically configure the
multicast forwarding entries. In addition, the S9300 maintains the multicast group and the
mapping of VLAN ID and outbound ports by listening to the passing IGMP messages. The
S9300 dynamically sets up a Layer 2 forwarding table for multicast packets.
When the S9300 receives a multicast packet, it forwards the packet to only the VLAN members
of that multicast group. Based on the Layer 2 forwarding table, the packet is multicast in the
VLAN. This reduces the number of packets transmitted over the network to save network
bandwidth, and improves the security of information.
Prompt Leaving of Ports
When a port of the S9300 is attached with only one host, the S9300 directly deletes the
corresponding multicast forwarding entry of that port as long as it receives an IGMP Leave
message from the host through that port. After that, the S9300 does not forward IGMP Query
messages to that port. This saves bandwidth and system resources and realizes prompt
switchover of services.
Multicast Querier
On the Layer 2 network, the S9300 can function as the querier to realize the multicast function
in the following ways:
l Runs queries.
l Terminates the IGMP packets.
l Establishes the multicast forwarding table on the Layer 2 network.
The querier can be configured based on VLAN.
When querier is enabled in the VLAN, the multicast querier of the S9300 performs the following
functions:
l Terminates the Report packet from the IGMP of the user, and then establishes the multicast
forwarding entry based on the Report packet.
l Terminates the Query packet from the IGMP of the router, and then sends the query packet.
l Broadcasts the Protocol Independent Multicast (PIM) packet in the VLAN.
l Terminates the Leave packet from the IGMP of the user. When the user sends a Leave
packet, the querier sends a specific group Query packet to confirm it.
Multicast Packet Repression
If the S9300 receives the Report packet or Leave packet from the users within a short period of
time, the S9300 checks whether the same Report packet or Leave packet is received in the
repression period. The S9300 then determines whether to send the packets to the router. This
reduces the number of IGMP packets to be dealt with by the router.
3 Service Features
Product Description
Issue 01 (2010-12-15)
Controllable Multicast
The S9300 can control the access of VLAN or VPLS VSI users to a multicast group by
configuring ACL. This implements the controllable multicast communication.
Multicast Call Admission Control (CAC)
multicast CAC is involved in the IPTV multicast scheme and is mainly used to control the number
and bandwidth of IPTV channels in the Layer 2 multicast scenario, thereby preventing users
from requesting additional channels or bandwidth and ensuring high service qualities for existing
users.
3.3.3 Static Multicast
A user host receives the multicast traffic through a DSLAM. For example, the Set Top Box
(STB) receives the video programs from the Broadband Television (BTV). The S9300 can be
deployed between multiple DSLAMs and the upstream multicast router. IGMP is not enabled
for some VLANs on the S9300. The S9300 sets up the multicast member relationship statically
and sets up multicast forwarding entries for those VLANs as required.
Each DSLAM supports the controllable multicast to directly control the addition, deletion, and
switching of channels from the STB. The S9300 is not involved in the transmission of IGMP
packets. In this way, the delay of images and voices generated when users switch channels is
greatly shortened.
3.3.4 Multicast VLAN and Multicast Replication
Multicast VLAN is used to converge and forward the multicast packets of different VLANs.
The users join the multicast VLAN when they need multicast packets. Multicast VLAN copies
the multicast packets to different user VLANs. This realizes the multicast duplication function
across VLANs. The S9300 can copy up to 127 copies of multicast packets of different VLANs
to a port.
The S9300 forwards multicast packets through the multicast VLAN, and copies the packets
based on the multicast entries. The S9300 then sends these packets to the VLANs of different
users. Using the multicast VLAN technique, the S9300 can converge the multicast packets in
the entire user VLANs to one or several VLANs.
The multicast across VLAN technique enables the S9300 to send unicast packets and multicast
packets in different VLANs. This helps to manage and control the multicast traffic and to save
the bandwidth resource.
3.4 QoS
This section describes the basics of QoS supported by the S9300.
QoS provides network services with different qualities as required.
NOTE
For details about Link Aggregation, refer to the Quidway S9300 Terabit Routing Switch Feature
Description - QoS.
3.4.1 Hierarchical Traffic Policing
3.4.2 Flow Control
3-11
3.4.3 Re-marking
3.4.4 Queue Scheduling
3.4.5 Congestion Avoidance
3.4.6 Traffic Shaping
3.4.1 Hierarchical Traffic Policing
The S9300 supports two-level traffic policing, namely, traffic policing based on users and traffic
policing based on user groups. It supports the multiplexing of bandwidths of users and user
groups.
Traffic policing is used to monitor the service traffic that matches the traffic classifier rules on
the incoming interface. In this manner, the interface can be adapted to the assigned network
resources such as bandwidth. Traffic policing limits the rate of the traffic on the incoming
interface. In this manner, the S9300 can monitor the traffic entering a network. If the rate is too
high, the S9300 chooses to discard the packets or reset the priorities of the packets.
The S9300 supports the two-rate-three-color marker and one-rate-two-color marker. This
guarantees granular management of bandwidths.
3.4.2 Flow Control
Flow control is used for congestion management. When a network cannot provide the committed
or negotiated performance specifications, such as rate, congestion occurs.
In this case, an Ethernet switch sends pause frames to its peer to inform the peer to stop sending
data for a while. This helps decrease the volume of traffic on the network. Flow control enabled
on a port functions on all the traffic on the port.
3.4.3 Re-marking
With re-marking, the S9300 applies parameters about services to the packets that match certain
ACL rules. Re-marking is implemented as follows:
l The S9300 applies parameters about services provided by itself to the packets.
l The S9300 applies parameters about services drawn upon the mapping table according to
the Differentiated Services Code Point (DSCP) of the packets.
l The S9300 applies parameters about services drawn upon the mapping table according to
the DSCP defined by users.
l Users assign parameters about services to the packets.
3.4.4 Queue Scheduling
When an Ethernet switch forwards multiple packets, these packets may compete for resources.
Queue scheduling is thus introduced to address this problem. The S9300 supports the following
queue scheduling algorithms:
l Strict Priority (SP)
l Weighted Round Robin (WRR)
l SP + WRR
3 Service Features
Product Description
Issue 01 (2010-12-15)
l Deficit Round Robin (DRR)
l SP + DRR
Outgoing packets on the ports of the Ethernet switch are forwarded in different manners as
defined in the preceding algorithms.
3.4.5 Congestion Avoidance
When congestion occurs, a switch immediately discards certain packets to release resources of
queues. The switch also schedules the packets into queues other than those with long delay. This
helps to remove the congestion.
The S9300 supports the Weighted Random Early Detection (WRED) algorithm. WRED
monitors packets in each queue and compares the length of the queue with the low threshold for
dropping packets. Based on the result, the S9300 processes the packets in queues in the following
ways when congestion occurs.
l When a queue is shorter than the minimum threshold, the device does not discard packets.
l When the length of a queue is between the low threshold and the high threshold, WRED
begins to discard packets randomly.
l When a queue is longer than the high threshold, the device discards all incoming packets.
3.4.6 Traffic Shaping
With traffic shaping, the transmission rate of outgoing packets are controlled and packets are
transmitted at an even rate. Traffic shaping is applied to the downstream traffic to make its
transmission rate the same as that provided by the downstream devices. This prevents the
discarding of packets and traffic congestion. The difference between traffic shaping and traffic
policing lies in that traffic shaping is used to buffer packets that exceed the set rate limit and
then transmit the packets at an even rate; traffic policing is used to discard packets that exceed
the set rate limit. In traffic shaping, packets are delayed for transmission. In traffic policing,
however, no delay is added for packets.
The S9300 supports traffic shaping based on interfaces, class of service (CoS) and VLAN, that
is, shapes the traffic of all VLANs, interfaces and CoSs. The two types of traffic shaping can be
carried out through different parameters.
3.5 Reliability
This section describes the basics of link aggregation, BFD, and HA at the equipment level.
3.5.1 Link Aggregation
3.5.2 DLDP
3.5.3 RRPP and the Multi-Instance Technology
3.5.4 Smart Link and the Multi-Instance Technology
3.5.5 Ethernet OAM
This section describes the basics of Ethernet OAM.
3.5.6 BFD
3.5.7 LSP Protection Switchover
3-13
3.5.8 High Availability at the Equipment Level
3.5.1 Link Aggregation
The S9300 can bind multiple ports into an Eth-Trunk interface manually. The S9300 also
supports link aggregation in static mode. That is, the administrator sets up the aggregation group
and adds member link, and the Link Aggregation Control Protocol (LACP) maintains the
aggregated link.
When one of the links fails, traffic is balanced among the other links without interruption. The
S9300 supports the aggregation of links on different LPUs, which improves the reliability of
services.
For details about Link Aggregation, refer to the Trunk in Quidway S9300 Terabit Routing
Switch Feature Description - Ethernet.
3.5.2 DLDP
The S9300 supports the Device Link Detection Protocol (DLDP). DLDP monitors the link status
of optical fibers or copper twisted-pair cables. If a unidirectional link exists, DLDP automatically
shuts down or notifies users to manually shut down the port on the unidirectional link as required.
This prevents network faults.
For details about DLDP, refer to the DLDP in Quidway S9300 Terabit Routing Switch Feature
Description - Reliability.
3.5.3 RRPP and the Multi-Instance Technology
To reduce convergence time and remove the impact of network scales on the convergence time,
Huawei develops the Rapid Ring Protection Protocol (RRPP) that is a data link layer protocol
exclusively used in Ethernet ring networks.
When an Ethernet ring network is complete, RRPP can prevent broadcast storms caused by data
loops. When a link is disconnected, RRPP helps to quickly enable the standby link and then
recover the communications between nodes on the ring network.
Compared with other Ethernet ring technologies, RRPP boasts of the following features:
l Convergence time is less than 50 milliseconds (ms).
l Convergence time bears no relation to the number of nodes on a ring network. Thus, RRPP
can be applied to a network with a great diameter.
l RRPP can prevent broadcast storms caused by loops when an Ethernet ring network is
complete.
l On an Ethernet ring network, when a link is torn down, a backup link immediately starts
to resume the normal communications between nodes.
On intersectant RRPP rings, when the topology of a ring changes, topology flapping by no means
occurs on other rings. Instead, data transmission can be better guaranteed.
The RRPP multi-instance technology applies to ring Ethernet networks. Different RRPP
instances are arranged for different C-VLANs to carry out independent calculation and
convergence of topologies. In addition, the multi-instance technology optimizes the network and
simplifies configurations in complex topologies with multiple intersectant rings or multiple rings
in multiple domains.
3 Service Features
Product Description
Issue 01 (2010-12-15)
For details about RRPP, refer to the RRPP in Quidway S9300 Terabit Routing Switch Feature
Description - Reliability.
3.5.4 Smart Link and the Multi-Instance Technology
The dual-homing networking is one of the most commonly used networking. In most cases, STP
is enabled to implement the backup of links. STP, however, cannot satisfy users that require
quick convergence.
Thus, Smart Link is introduced to provide link backup and fast switching of traffic between the
active and standby links. This meets the requirements of users for fast convergence of links. In
a dual-homing network, when the active link fails, the device automatically switches traffic to
the standby link. In this manner, the redundant link is blocked and backup of links is
implemented.
The features of Smart Link are as follows:
l It is dedicated to dual-homing networks.
l The convergence time can reach sub-seconds.
l It is easy to configure and operate.
Smart Link multi-instance means that a Smart Link group is configured with multiple instances
and each instance is configured with a VLAN range. You can use commands to configure some
instances to transmit packets through standby links. Thus the VLANs transmit packets through
different paths to implement load balancing.
For details about Smart Link, refer to the Smart Link in Quidway S9300 Terabit Routing Switch
Feature Description - Reliability.
3.5.5 Ethernet OAM
This section describes the basics of Ethernet OAM.
The Ethernet OAM functions of the S9300 include fault management and performance
management.
For details about Ethernet OAM, refer to the Ethernet OAM in Quidway S9300 Terabit Routing
Switch Feature Description - Reliability.
3.5.6 BFD
The S9300 supports the BFD mechanism to implement fast detection and monitor the
connectivity of links.
BFD realizes fast detection of link failures by using the "Hello" protocol. Detection packets are
transmitted periodically from both ends of a bidirectional link. If the S9300 fails to receive the
detection packets from the peer end in a certain period of time, it indicates that certain segment
of the bidirectional link fails. BFD then triggers the switchover mechanism to ensure the
reliability of the network.
BFD supports failure detection in milliseconds. BFD also supports asynchronous detection.
The S9300 supports the following BFD detection methods:
l Detection of links
l Detection of the connectivity of IP routing
3-15
l Detection of the connectivity of an LSP, a CR-LSP, and an MPLS TE protection group
l BFD detection on the VPLS network
It also processes the diagnosis packet that manages the switchover of VPLS and performs
the switchover.
The S9300 supports the association among BFD, 802.3ad, and 802.1ag to achieve end-to-end
OAM.
For details about BFD, refer to the BFD Feature Description in Quidway S9300 Terabit
Routing Switch Feature Description - Reliability.
3.5.7 LSP Protection Switchover
The S9300 supports MPLS OAM and fast detection of LSP faults. A standby LSP can be set for
the active LSP to realize 1+1 backup of LSPs. When the active LSP fails, services can be fast
switched to the standby LSP. This greatly improves the reliability of the network.
For details about LSP protection switchover, refer to the MPLS OAM in Quidway S9300
Terabit Routing Switch Feature Description - MPLS.
3.5.8 High Availability at the Equipment Level
Hot Backup
The S9300 supports hot backup of its key components including the SRU/MCU, power modules,
and fan modules.
l SRU/MCU
The S9300 can be installed with two SRUs/MCUs that run in 1+1 backup mode.
l The two SRUs/MCUs in 1+1 backup mode support two types of protection switchover:
Automatic protection switchover
It is triggered by the system upon a serious fault or resetting of the active SRU/MCU.
Forcible protection switchover
It is triggered by commands through the console port. You can also prevent the active/
standby switchover of the SRUs/MCUs by using commands through the console port.
After the active/standby switchover is performed, the standby SRU/MCU immediately takes
over the entire services. This ensures continuity of services and availability of the system.
l Power modules
The S9300 can be configured with 4 AC power modules or 4 DC power modules. The
power modules work in redundancy backup mode.
The power modules provide power for the S9300 when they are correctly installed and
powered on. When one of the power modules fails, the other one immediately takes over
the services without interruption.
The PoE function supports only the AC power modules. The S9303 does not support the
backup of PoE power modules. The S9306 and the S9312 support the PoE power modules
working in M+N mode.
l Fan modules
Each fan frame of the S9300 provides two layers of fan frames to carry out backup for the
system. When any of the fan frames fails, the other fan frame still ensures that the ambient
3 Service Features
Product Description
Issue 01 (2010-12-15)
temperature is not higher than 45C. To ensure that the ambient temperature is not higher
than 40C, a single fan frame can normally work for only 96 hours.
When a fan fails, the system generates an alarm message.
Hot Swap
The SRU, MCU, LPU, CMU, power modules, and fan frames of the S9300 are hot swappable.
WARNING
FSUA is not hot swappable.
l Hot swap of the SRU/MCU
If the S9300 is installed with two SRUs/MCUs that work in 1+1 backup mode, hot swap
of the standby SRU/MCU does not interrupt services. Hot swap of the active SRU/MCU,
however, implements fast switchover of services to the standby SRU/MCU. The data
switching units can work in 1:1 load balancing mode. In this mode, the data switching
capability is reduced by half when the SRU is hot swapped.
l Hot swap of the LPU
l Hot swap of power modules
When the S9300 is installed with four power modules that run normally, hot swap of one
or two of them does not interrupt services.
l Hot swap of fan frames
Hot swap of fan frames does not affect services of the S9300.
l Hot swap of the air filter
The air filter is not powered and is swappable as required. It is convenient for routine
cleaning.
Inter-SIC Eth-Trunk
Multiple Ethernet ports, either on the same SIC or different SICs, of the S9300 can be bound to
a logical Eth-Trunk interface. This realizes backup between ports and load balancing of traffic.
When one member port in the Eth-Trunk interface fails, the services on that port are
automatically carried by other ports in the Eth-Trunk interface. In this case, the Eth-Trunk
interface can still handle services normally. Therefore, service transmission is not affected.
Because the bound ports belong to different SICs, inter-SIC Eth-Trunk reduces the impact of
one SIC fault and removes the single-site fault.
E-Trunk Composed of Ethernet Interfaces on Different Devices
As an extension to the Link Aggregation Protocol (LACP) that implements link aggregation of
a single device, the Enhanced Trunk (E-Trunk) protocol implements link aggregation of different
devices. The link reliability is thus improved.
The E-Trunk is mainly applied to the scenario that a CE is dual homed to the VPLS, VLL, or
PWE3 network. In this scenario, E-Trunk protects the links between the CE and PE and prevents
3-17
the fault on the PEs. Before the E-Trunk is introduced, a CE can only be connected to a PE
through the Eth-Trunk.
If the Eth-Trunk or the PE is faulty, the CE cannot communicate with the PE. After the E-Trunk
used, the CE can be dual homed to two PEs to implement backup between devices.
Figure 3-6 Networking diagram of E-Trunk
PE1
PE2
CE
E
th
-
T
ru
n
k
1
0
E
th
-T
ru
n
k
2
0
E-Trunk 1

Stacking
A single switch cannot meet requirements of the increasing access volume of the data center and
the network reliability. To meet the forwarding requirement of the database and ensure the
network reliability, the stacking technology of switches is introduced.
In a CSS, multiple S9300s are connected through dedicated stacking cables to form a logical
switch.
The stacking technology brings the following benefits to operators:
l Protecting investments during network capacity expansion
l Simplifying configuration and management during capacity expansion: multiple physical
switches form a logical switch
l Improving system reliability through redundancy and backup of multiple switches
Protection Against Abnormity
The S9300 separates the control channel from the service channel. This provides a non-blocking
control channel. The S9300 supports the following measures for protecting against abnormities:
l Provides error correction for memory chip faults.
l Provides protection against mis-insertion on the power input interface.
l Provides fan frames with separate power supply channels. The failure of any of the fan
frames does not affect the other.
l Provides protections against over-current and over-voltage for power and interface
modules.
l Provides protection against mis-insertion of boards to prevent inserting the H-SICs into the
L-SIC slots.
3 Service Features
Product Description
Issue 01 (2010-12-15)
l Provides the monitoring and alarm functions for the power modules, voltage and
environment temperature.
Protection in Operation
The S9300 supports the following protection measures:
l Supports in-service upgrade of the BootROM, in-service patching, and version rollback.
l Supports data hot backup between the active and standby units. The active unit
automatically switches to the standby state when failures occur to the active unit. This
prevents loss of data or information.
l Supports timely synchronization of configurations between the LPUs and SRUs/MCUs.
l Supports the abnormity monitoring for the VRP system software, such as automatic
restoration and log record.
l Supports final records of process status that can be used to locate faults more easily after
an accident.
The S9300 also provides protection and prompt for improper operations. The S9300 provides
operation and confirmation prompts for certain commands that may degrade the system
performance.
3.6 Security
This section describes the security measures for devices and services.
3.6.1 Security for Devices
3.6.2 Security for Services
3.6.1 Security for Devices
Hierarchical Command Lines
The S9300 authenticates login users for safety when users Telnet the device through Ethernet
ports. Users can log in to configure and maintain the device only after they pass the
authentication.
Commands of the S9300 are divided into 4 levels. Login users are also divided into 4 levels
corresponding to these 4 levels. After logging in to the S9300, users can run only the command
with the same or lower level than the user level. This mechanism effectively controls the
authority of login users.
The S9300 supports the extension of command levels and user levels, which can be mapped
from four levels to 16 levels. This level mapping implements effective management on the user
levels.
The S9300 can also lock the terminal through commands to prevent illegal use of the terminal.
Remote Login Through SSH
The S9300 supports Secure Shell (SSH) of v1.5 and v2. On the network without security
guarantee, SSH provides powerful guarantee of security and authentication for login users and
can defend against illegal attacks.
3-19
Encryption Authentication in SNMP
The S9300 supports encryption authentication in SNMPv3. It authenticates the validity of the
management packets from the NMS.
Authentication, Authorization and Authorization
The S9300 supports Authentication, Authorization and Accounting (AAA). AAA supports three
types of user authentication:
l Local authentication
l Remote Authentication Dial-In User Service (RADIUS)
l Huawei Terminal Access Controller Access Control System (HWTACACS) authentication
It can authenticate and authorize login users in cooperation with hierarchical command line
protection. It can also authorize the validity of the NMS administrator. The S9300 can defend
against login of illegal users based on AAA.
Hierarchical CPU Protection
The S9300 supports two levels of CPU protections.
l Protection at the LPU level
The S9300 performs flow control for the protocol packets and management packets sent
from the LPU to the CPU of the SRU based on the protocol type. This protects the channel
between the LPU and the CPU from being congested with packets through Denial of Service
(DoS) attacks.
l Protection at the SRU level
When the CPU receives protocol packets and management packets sent from the LPU to
the CPU, the S9300 performs traffic classification, re-marking, flow control, and the
whitelist function to the packets and implements QoS and rate limit on the CPU. This
protects the CPU against Distributed DoS (DDoS), IP spoofing, and SYN Flood attacks.
3.6.2 Security for Services
Packet Filtering Through ACL
Packet filtering is used to filter illegal or unwanted packets.
The S9300 filters packets based on user-defined rules. For example, it filters packets by checking
the source or destination address of the packet. Packet filtering does not check the state of
sessions and does not analyze the data.
By filtering packets, the S9300 can effectively control the packets passing the device.
DHCP Snooping/Option 82
Deployed between the server and client of the Dynamic Host Configuration Protocol (DHCP),
the S9300 listens to the sending DHCP packet. The S9300 then sets up a table binding the IP
address with the MAC address based on the results of monitoring. This represses illegal packets
from being transmitted. The S9300 can also insert or strip the Option 82 field into or off the
packet.
3 Service Features
Product Description
Issue 01 (2010-12-15)
l Receiving the request packet from the DHCP client, the S9300 inserts the Option 82 field
into the packet. The DHCP server then assigns IP addresses by identifying the Option 82
field.
l The DHCP server inserts the Option 82 field into the response packet. The S9300 analyzes
the Option 82 field to select the forwarding port. The S9300 then strips the Option 82 field
and forwards the packet to the user.
The Option 82 field records the ID number of the user circuit, which can effectively defend the
attacker from tampering the DHCP packet.
Similarly, with the IP session feature, the S9300 checks the IP addresses, MAC addresses,
interface numbers, and VLAN IDs of the packets according to the VLAN or Option 82
information. This prevents unauthorized users from forging IP addresses.
Limit of MAC Address Learning at Ports
The S9300 supports the limit of MAC address learning.
The S9300 supports setting the maximum number of MAC entries learnt by a port. This can
defend against attacks with forged MAC entries and prevent the MAC table resource of the
S9300 from being used up.
The S9300 supports the following three ways to limit the number of MAC addresses:
l Based on ports
l Based on VLAN ID
l Based on VSI
When the number of MAC addresses learnt by a port exceeds the limited threshold, the S9300
forwards or discards the incoming packets with new MAC addresses according to the
configurations.
Blackhole MAC Entries
The S9300 supports blackhole MAC entries. When the S9300 receives a packet, it compares the
destination MAC addresses of the packet with the MAC entries in the blackhole MAC table. If
the MAC address of the packet is identical with the MAC address of a blackhole entry, the packet
is dropped.
After detecting that packets with a specific MAC address are attack packets, the administrator
can set a blackhole MAC entry to filter the packets with that specific MAC address. This can
prevent attacks using MAC addresses.
Port Binding Based on MAC+VLAN
To improve the security of interfaces, the S9300 allows the network administrator to add static
entries to the MAC address table. The static entries identify the mapping among the specified
MAC address, VLAN ID, and interface. This binds the S9300 to the interfaces and thus prevents
MAC spoofing attacks.
Broadcast Traffic Suppression
The S9300 can limit the transmission rate of broadcast packets, multicast packets, and unknown
unicast packets based on interfaces.
3-21
The S9300 can also limit the maximum traffic percentage of broadcast packets, multicast
packets, and unknown unicast packets, thus controlling the traffic volume of broadcast packets.
3.7 Network Management Features
The S9300 provides network management functions of LLDP and NetStream.
3.7.1 LLDP
This section describes the basics of LLDP.
3.7.2 NetStream
3.7.1 LLDP
This section describes the basics of LLDP.
The S9300 supports the Link Layer Discovery Protocol (LLDP). LLDP conforms to IEEE
802.1ab. LLDP discovers the adjacency relationships between devices on the link layer. It is
used for the interconnected devices to acquire the connection information of each other.
Using the LLDP, the local network management station can acquire the link layer information
of all devices in the local network. It also collects detailed information about network topology
and topology change. This expands the scope of network management.
The port with LLDP enabled on the S9300 periodically notifies the neighbors of its status. If the
status changes, the port sends the updates of the current state to the neighbors directly connected
to it. The neighbors then store the status of the port in the standard SNMP MIB. The NMS
searches the MIB for the link layer information of the network. Based on search results, the NMS
can calculate the network topology.
3.7.2 NetStream
With increasing services and applications on networks, users propose high requirements for
traffic statistics analysis. NetStream provides a way to obtain the detailed record through the
data network for network administrators.
3 Service Features
Product Description
Issue 01 (2010-12-15)
Figure 3-7 Networking diagram of NetStream
NDE
NetStream
NSC
NSC
NDA
NDA
Traffic
NetStream traffic
traffic
NDE: Netstream Data Exporter NSC: Netstream Collector NDA: Netstream Data Analyzer

NetStream provides the following functions:
l Network management and planning
l Enterprise accounting and department billing
l ISP billing report
l Data storage
l Data collection for business
Due to the connectionless-oriented feature of the IP network, communications among different
types of services are implemented by transmitting IP datagrams from one terminal to another.
Such IP datagrams actually constitute a data flow of a service on the network. Most data traffic
on the network is temporary and bidirectional.
Based on the destination IP address, source IP address, destination port number, source port
number, protocol number, Type of Service (ToS), and incoming or outgoing interface of packets,
NetStream identifies different streams and collects statistics for these steams independently.
The NDE sends the collected traffic statistics regularly to the NSC for further processing and
then sends the statistics to the NDA for data analysis. The report generated based on the analysis
result is the basis for charging and networking planning.
(Item list)The S9300: Supports the NDE function. Samples IPv4/IPV6/MPLS packets. Supports
fix-packet sampling and fix-time sampling. Supports establishment of the original traffic,
flexible traffic, and aggregation traffic. Exports packets in V5/V8/V9 format.
The S9300 supports distributed NetStream and integrated NetStream.
3-23
For details about netstream, refer to the NetStream in Quidway S9300 Terabit Routing Switch
Feature Description - Network Management.
3.8 Clock
This section describes the clock synchronization and calibration mechanisms supported by the
S9300.
The S9300 supports the clock synchronization at the physical layer and the IEEE 1588V2 clock
synchronization and calibration mechanisms. These mechanisms provide precise clock for
mobile communication services.
With the physical-layer clock synchronization mechanism, the S9300 obtains clock data from
the signaling over the physical transport link, thus synchronizing clock frequency. The S9300
can obtain clock data from the synchronized Ethernet links.
IEEE 1588V2 is a clock synchronization protocol. The clock precision is at the microsecond
level, which meets the requirements of 3G services and base stations. The S9300 supports the
following features of IEEE 1588V2:
l Timed clock synchronization and clock data synchronization
l Three clock modes, namely, boundary clock, ordinary clock, and transparent clock
(including end-to-end transparent mode and point-to-point transparent mode). An interface
can be configured with a clock as required.
l Protective switching of clock sources
For details about clock synchronization at the physical layer, refer to the Synchronization
Ethernet in Quidway S9300 Terabit Routing Switch Feature Description - Device
Management.
For details about IEEE 1588V2 clock synchronization, refer to the PTP in Quidway S9300
Terabit Routing Switch Feature Description - Device Management.
3.9 PoE
On Intranets, PoE can be used to provide centralized power for terminals such as IP phones,
Access Points (APs), chargers of portable devices, POS machines, cameras, and data collection
devices through the 10Base-T, 100Base-TX, or 1000Base-T Ethernet.
Terminals are powered when they access the network. Therefore, the indoor cabling of power
supply is not required.
According to IEEE802.3af or IEEE 802.3at, PoE involves PSEs and PDs.
The PSEs provide power for other devices and are classified into MidSpan (the PoE module is
installed out of the switch) and Endpoint (the PoE module is integrated to the switch) PSEs.
IEEE 802.3af or IEEE 802.3at allow the Endpoint PSE to use copper line pairs connected to
pins 1 and 2 and pins 3 and 6 or pins 4 and 5 and pins 7 and 8 for power supply. The Endpoint
PSE is compatible with 10Base-T, 100Base-TX, and 1000Base-T interfaces. The Endpoint PSE
is more widely used than the Midspan PSE.
The S9300 is the Endpoint PSE, complying with IEEE 802.3af or IEEE 802.3at. Each interface
provides 30 W power.
On the S9300, each interface supporting PoE provides three power supply priorities for PDs,
that is, critical, high, and low. When the power consumption of PDs is greater than the total
3 Service Features
Product Description
Issue 01 (2010-12-15)
power of the PSE, the PSE first provides power supply for the PD on the interface with the
highest priority. If different interfaces have the same priority, the PSE provides power supply
for PDs in descending order of port numbers. The PD on the interface with the smallest interface
number first obtains power supply.
For details about PoE, refer to the PoE in Quidway S9300 Terabit Routing Switch Feature
Description - Device Management.
3.10 Enterprise Network Features
The S9300 provides NAC, firewall, NAT, and load balancing for enterprise networks.
3.10.1 NAC
This section describes the principle of network admission control (NAC).
3.10.2 Firewall
3.10.3 NAT
3.10.4 Load Balancing
3.10.1 NAC
This section describes the principle of network admission control (NAC).
The NAC concept is introduced to protect the enterprise intranets against the attacks of emerging
hacker technologies such as new viruses and worms. By using the NAC function, the S9300 can
allow only the authorized or trusted devices to access the network, for example, personal
computers, servers, and PDAs.
The main components of NAC are as follows:
l Agent program installed on the terminal
l Network access device
l Policy server or AAA server
l Anti-virus server
l Management system
When functioning as a network access device, the S9300 provides the following functions:
l 802.1X access, including port mode and MAC mode
l Portal access
l Relay authentication in which the S9300 obtains user entries through DHCP snooping
In addition, the NAC function is applicable to the following special scenarios:
l Best-effort: Users can access the network when the RADIUS server is Down.
l Privileged users and devices without agent, such as printer and IP phone
3-25
Figure 3-8 Main components and networking of NAC
Internet
SA
VPN Gateway
Enterprise external
network
Enterprise intranet
SA
SA
Pre-authentication
domain
Third-party anti-virus server
Third-party domain management server
Third-party patch server
Authentication
domain 1
Authentication
domain 2
Core
information
Common
information
SACG
SRS
SC
SM
SA: Secospace Agent
SM: Secospace Management
SC: Secospace controller
SRS: Secospace repair server
SACG: Security acess control gateway

3.10.2 Firewall
The S9300 provides the distributed firewall with a processing capacity of 10 Gbit/s to provide
high-performance security guarantee for large enterprises, carriers, and data center networks.
The S9300 supports the functions of external attack defense, internal network security, traffic
monitoring, email filtering, Web page filtering, and application layer filtering. This effectively
ensures the security of the network.
The S9300 provides the following firewall functions:
l Packet filtering firewall
l Stateful firewall
l ASPF
l Blacklist
l Whitelist
l Port mapping
l Attack defense
l Traffic statistics and traffic monitoring
3 Service Features
Product Description
Issue 01 (2010-12-15)
l Firewall log
l Virtual firewall
The S9300 supports hot backup of firewalls in a two-node cluster. The session table and status
information are backed up in real time between the master and backup firewalls. When the master
firewall is faulty, the backup firewall takes over the work of the master firewall smoothly.
For details about firewall, refer to the Firewall in Quidway S9300 Terabit Routing Switch
Feature Description - SPU.
3.10.3 NAT
The S9300 provides NAT applications of many-to-one mapping, many-to-many mapping, static
network segment mapping, bidirectional conversion, and DNS mapping for enterprises. It
supports the NAT Application Level Gateway (ALG) function for NAT transversal of multiple
application layer protocols.
The S9300 provides the following NAT functions:
l NAT address pool
l NAPT
l Static NAT/NAPT
l Easy IP
l NAT server
l Twice NAT
l Source address associated with the VPN before NAT is performed
l NAT server associated with the VPN
l NAT ALG
For details about NAT, refer to the NAT in Quidway S9300 Terabit Routing Switch Feature
Description - SPU.
3.10.4 Load Balancing
The S9300 provides server load balancing for Layers 4 to Layer 7 services and supports
deployment of multiple applications and server clusters.
The S9300 supports the following load balancing algorithms:
l WRR algorithm
l Least connection algorithm
l Least bandwidth algorithm
l Algorithm based on the load
l Algorithm based on the response time
l Algorithm based on the source IP address of packets
l Algorithm based on the destination IP address of packets
l Algorithm based on the source and destination IP addresses of packets
l Algorithm based on the Layer 4 content of packets
l Algorithm based on the URL of HTTP packets
l Algorithm based on the header of HTTP packets
3-27
l Algorithm based on the Cookie and content
3.11 MPLS
This section describes the basics of MPLS, MPLS TE, and MPLS OAM.
NOTE
To implement MPLS functions, apply for and purchase the license from Huawei local office.
The S9300 can be used to construct the MPLS network. Services that are external to the MPLS
network are forwarded based on the VLAN ID and MAC addresses. On the MPLS network,
services are transmitted based on the MPLS labels. This solves the problem regarding the
capacity of the VLAN tag and the limit to the amount of MAC table entries.
The S9300 can act as the PE device or Provider (P) device on the MPLS network.
The S9300 supports multiple MPLS features, including basic MPLS features, the Label
Distribution Protocol (LDP) or Resource Reservation Protocol for Traffic Engineering (RSVP-
TE), MPLS TE, and MPLS OAM.
3.11.1 Basic MPLS Functions
3.11.2 MPLS TE
3.11.3 MPLS OAM
3.11.4 VLL
3.11.5 VPLS
3.11.6 HVPLS
3.11.7 MPLS L3VPN
This section describes the basics of MPLS L3VPN supported by the S9300.
3.11.1 Basic MPLS Functions
The S9300 supports the following basic MPLS functions:
l LDP
l Static LSP
l Two-layer MPLS labels
l Mapping the 802.1p priority to the EXP field of MPLS packets
For details about MPLS Functions, refer to the MPLS LDP in Quidway S9300 Terabit Routing
Switch Feature Description - MPLS.
3.11.2 MPLS TE
The S9300 supports the MPLS Traffic Engineering (TE) function. MPLS TE is a technique that
integrates TE with MPLS. Through the MPLS TE, the S9300 can create an LSP tunnel to a
specified path and implement re-optimization. MPLS TE also provides protection against link
or node failures by using path backup and fast reroute.
The S9300 supports the following MPLS TE features:
3 Service Features
Product Description
Issue 01 (2010-12-15)
l Supports TE extension based on the IGP protocols including IS-IS and OSPF to collect
network information.
l Supports preemption, route pinning, and re-optimization of CR-LSP.
l Supports establishment of CR-LSP based on RSVP TE; supports hot standby backup and
basic backup functions of the MPLS TE tunnel.
l Supports the use of the Constraint Shortest Path First (CSPF) algorithm to calculate
appropriate path of CR-LSP. This calculates the shorted path to a node through CSPF.
l Supports establishment of the MPLS TE tunnel and the following features of the tunnel:
Loop detection on the MPLS TE tunnel
Record of routing and labels
Re-establishment of the MPLS TE tunnel
Configuration of the tunnel priority
For details about MPLS TE, refer to the MPLS TE in Quidway S9300 Terabit Routing Switch
Feature Description - MPLS.
3.11.3 MPLS OAM
The S9300 supports the MPLS OAM mechanism to perform end-to-end fault detection at the
tunnel level and perform prompt protection switchover in 50 ms when an LSP link fails. MPLS
OAM conforms to the ITU-T Y.1710, Y.1711, and Y.1720 recommendations to realize fast
detection of LSP connectivity. The interval for detecting LSP connectivity can be adjusted as
required.
With the MPLS OAM mechanism, the S9300 can rapidly detect, locate, and report the fault in
the MPLS network by using the Connectivity Verification (CV) message and the Fast Failure
Detection (FFD) message. When a fault occurs, the S9300 triggers protection switchover by
using the Forward Defection Indicator (FDI) message and the Backward Defect Indicator (BDI)
message.
The S9300 supports 1:1 and N:1 protection switchover of LSPs with an active LSP and a standby
LSP. When the active LSP fails, the S9300 can promptly switch services to the standby LSP.
This greatly improves the reliability of the MPLS network.
For details about MPLS OAM, refer to the MPLS OAM in Quidway S9300 Terabit Routing
Switch Feature Description - MPLS.
3.11.4 VLL
VLL is an emulation of the traditional leased line. By emulating the leased line through the IP
network, it provides asymmetric, low cost point-to-point virtual leased line services. VLL is
mainly applied to the access layer and convergence layer of the MAN.
The S9300 supports the following four modes of VLL:
l Martini
The Martini mode uses double labels. The inner label takes the extended LDP as the
signaling protocol to transmit information. The Martini mode conforms to the draft of draft-
martini-l2circuit-trans-mpls. The Martini extends LDP by adding the FEC type in the VC
FEC to exchange the VC label.
l Kompella
The Kompella mode uses MP-BGP as the signaling protocol. PEs automatically discover
L2VPN nodes during the connection of BGP sessions. The Kompella uses BGP as the
3-29
signaling protocol to transmit Layer 2 information and VC labels to realize L2VPN in end-
to-end (CE to CE) mode on the MPLS network.
l SVC
The setup process of the SVC outer label (public network tunnel) is the same as that of the
Martini. The inner label is manually specified during the VC configuration. The
transmission signaling of the VC label is not required. The network topology and the
packets interaction of the SVC are the same as that of the Martini. Thus, the SVC is a
simplified version of the Martini.
l CCC
In Circuit Cross Connect (CCC), VCs are statically configured, which is similar to SVC.
Different from the common MPLS L2VPN, the CCC adopts one label to transmit user data.
This label is used for label exchange on each Label Switching Router (LSR). Therefore,
the CCC uses the LSP exclusively. Static LSPs must be configured in both directions.
For details about VLL, refer to the VLL in Quidway S9300 Terabit Routing Switch Feature
Description - VPN.
3.11.5 VPLS
Virtual Private LAN Service (VPLS) is used to connect more than one Ethernet LAN segment
through the Packet Switched Network (PSN) and make them operate in an environment similar
to a LAN. With the VPLS technology, the ISP can establish multipoint-to-multipoint VPN
connections between the dispersed users. The dispersed users can be enterprises located in
different cities.
The S9300 functions as the PE device on the VPLS network. The S9300 transmit VPLS services
by establishing through-connection between PEs.
The S9300 supports VPLS in the following methods:
l Martini
l Kompella
For details about VPLS, refer to the VPLS in Quidway S9300 Terabit Routing Switch Feature
Description - VPN.
3.11.6 HVPLS
VPLS through-connection is required between PEs. For multiple nodes or a large geographic
area, a large-scale VPLS network is required. This requires that the number of connections
established be double the number of PEs. In this case, HVPLS is used to establish a large-scale
VPLS network.
The S9300 mainly functions as the User Provider Edge (UPE) device on the HVPLS network.
It converges services from CE to Network Provider Edge (NPE) or PE-AGG (PE-Aggregation).
The S9300 supports HVPLS in Martini mode.
On the VPLS or HVPLS network, the S9300 maps services of different types to different Virtual
Switch Instances (VSIs). The S9300 then transparently transmits these services to NPE or PE-
AGG through the VPLS or HVPLS network.
For details about HVPLS, refer to the VPLS in Quidway S9300 Terabit Routing Switch
Feature Description - VPN.
3 Service Features
Product Description
Issue 01 (2010-12-15)
3.11.7 MPLS L3VPN
This section describes the basics of MPLS L3VPN supported by the S9300.
BGP/MPLS VPN provides Layer 3 VPN services over an MPLS network. MPLS facilitates the
implementation of IP-based VPN services and meets the requirements of expansibility and
manageability for VPNs. MPLS VPNs provide value-added services. Through configurations,
a single access point can be configured with multiple VPNs, each of which identifies a type of
services. This allows different types of services to be transmitted in a flexible manner over
networks.
For details about MPLS L3VPN, refer to the BGP/MPLS IP VPN in Quidway S9300 Terabit
Routing Switch Feature Description - VPN.
3-31
4 Application Scenarios
About This Chapter
This section describes the typical networking and applications of the S9300.
4.1 Overview
This section describes the position of the S9300 at the access layer and convergence layer in the
MAN.
4.2 Application of MPLS L2VPN
This section describes the function of MPLS VPN that can be applied in the actual networking.
4.3 Application of HVPLS for Dual-homing Protection
This section describes the function of HVPLS that can be applied at the access layer and
convergence layer of the MAN.
4.4 Application of RRPP
This section describes the function of RRPP in implementing fast protection switchover on ring
networks.
4.5 Application of Smart Link in Dual-Homing Networking
This section describes the function of Smart Link in dual-homing networks.
4.6 Application of Ethernet OAM
This section describes the application of Ethernet OAM on the MAN.
4.7 Application of QoS
This section describes the application of QoS on the MAN.
4.8 Application of Selective QinQ
This section describes the function of selective QinQ that can be applied in the actual networking.
4.9 Application of the S9300 in IPTV Service
This section describes the networking and application policy of the S9300 in the IPTV service.
4.10 Application of the S9300 in NAC Networking
This section describes the application of the S9300 in the NAC networking.
4.11 Applications of the Firewall
This section describes the firewall networking and policy of the S9300.
Product Description 4 Application Scenarios
4-1
4.1 Overview
This section describes the position of the S9300 at the access layer and convergence layer in the
MAN.
The S9300 is deployed at the access layer and convergence layer of the MAN. Figure 4-1 shows
the networking diagram.
Figure 4-1 S9300 application in the MAN
IP/MPLS
Core MAN MAN
LAN Switch
DSLAM
UPE UPE
NPE
DSLAM

As the UPE device in the MAN, the S9300 can converge services of Internet, VPN, IPTV, and
VoIP from the downstream devices such as Digital Subscriber Line Access Multiplexer
(DSLAM) and LAN switches such as the S2300, S3300.
The S9300 then accesses the upstream NPE devices, such as the Huawei ME60 and NE40E. The
S9300 can also act as a PE-AGG in complex networks to implement multiple levels of
aggregation.
4.2 Application of MPLS L2VPN
This section describes the function of MPLS VPN that can be applied in the actual networking.
The S9300 bears a strong capability of MPLS L2VPN.
The whole system supports 4 K VLL instances and 1 K VPLS instances.
As shown in Figure 4-2 and Figure 4-3, the S9300 functions as the UPE on the L2VPN
network,supports VLL and VPLS and provides the point-to-point VPN application and
multipoint-to-multipoint VPN application.
Product Description
Issue 01 (2010-12-15)
Figure 4-2 Point-to-point VPN application (VLL)
MAN
Intranet
A
Intranet
B
VLL
VLL
Intranet
B
Intranet
A
UPE
UPE
UPE
UPE

Figure 4-3 Multipoint-to-multipoint VPN application (VPLS)
MAN
VPLS
VLL
Intranet
A
Intranet
B
Intranet
A
Intranet
A
Intranet
B
UPE
UPE
UPE
UPE

As shown in Figure 4-4, cooperating with the DSLAM, Access Gateway (AG), and S2300/
S3300, the S9300 realizes the mapping between the access services and the VLL or VPLS
services.
4-3
l Along with the DSLAM/AG, the S9300 maps the QinQ tunnel to the VLL or VPLS services
instances. This realizes the VLL services based on Digital Subscriber Line (DSL).
l
The S9300 bears multiple services at the access layer and convergence layer. The S9300 can
map a certain type of personal services such as broadband access and VoIP services, to the VLL
or VPLS service instances.
Figure 4-4 VPN services realized through the cooperation between the S9300 and CE
VLL/VP
LS
DSLVLL
POTS
Ethernet VLL
DSLAM/AG
LAN switch
QinQ
QinQ
VLL
UPE UPE
N P E
UPE

The S9300 provides the low-cost VLL or VPLS solutions. This allows the application of MPLS
and MPLS VPN at the edge convergence layer.
l Solves the problem of pure Ethernet in the aspects of scalability, carrier-class reliability,
and manageability.
l Lessens the burden on the higher level NPEs and avoids the problems of overburden and
single-site faults.
l Realizes distributed processing of services with services implemented from devices at the
edge convergence layer. This makes services customizable.
4.3 Application of HVPLS for Dual-homing Protection
This section describes the function of HVPLS that can be applied at the access layer and
convergence layer of the MAN.
The S9300 supports HVPLS to realize link protection to the two NPEs in dual-homing mode.
On the HVPLS network, the S9300 acts as the UPE device to converge services from the CE.
The S9300 supports the following HVPLS network architecture:
l UPE+NPE Network Architecture
l UPE+PE-AGG+NPE Network Architecture
4.3.1 UPE+NPE Network Architecture
4.3.2 UPE+PE-AGG+NPE Network Architecture
Product Description
Issue 01 (2010-12-15)
4.3.1 UPE+NPE Network Architecture
Figure 4-5 S9300 Application of HVPLS with UPE+NPE network architecture
IP/MPLS
Core
UPE
H-VPLS
DSLAM DSLAM
BFD for LSP
BFD for LSP
LSW
UPE
UPE
UPE
NPE
NPE
LSW
LSW LSW

As shown in Figure 4-5, on the HVPLS network, the S9300 acts as the UPE device. The Huawei
ME60 and NE40E routers can be used as the NPE devices.
l As the UPE device, the S9300 accesses services and classifies traffic through the selective
QinQ. Services of different types can be mapped to different VSIs and then transparently
transmitted to NPE devices through HVPLS.
l The NPE terminates services on the Pseudo Wire (PW) tunnel and then process services
based on the VLAN ID and QinQ information.
l Link protection is realized through MPLS TE protection group along with BFD for LSP
on the HVPLS network.
4.3.2 UPE+PE-AGG+NPE Network Architecture
On the current network, PE-AGG devices can be added between the UPE and NPE devices. PE-
AGG devices aggregate services, terminate VPLS, and transparently transmit services to the
NPE device. The S9300 can serve as the PE-AGG or UPE device as shown in Figure 4-6.
4-5
Figure 4-6 S9300 application of HVPLS with UPE+PE-AGG+NPE network architecture
IP/MPLS
Core
PE-AGG
NPE
H-VPLS
BFD for LSP
UPE
DSLAM DSLAM
LSW
UPE
UPE
UPE
PE-AGG
NPE
LSW LSW
LSW

In this networking mode:
l The S9300 functions the same in this network architecture as that in the "UPE+NPE
Network Architecture."
l The S9300 terminates the VPLS tunnel and transparently transmits services to the NPE
device.
l The NPE terminate VLAN and QinQ, and then process services.
l Link protection is realized through BFD for LSP between the S9300 and the NPE device.
4.4 Application of RRPP
This section describes the function of RRPP in implementing fast protection switchover on ring
networks.
In the networking where common Ethernet ring networks are used, RRPP is adopted instead of
MSTP to achieve fast convergence of topologies.
Generally, the metro Ethernet uses two-layer rings:
l One layer is the convergence layer between the convergence devices PE-AGGs, for
example, RRPP Domain 1 shown in Figure 4-7.
Product Description
Issue 01 (2010-12-15)
l The other layer is the access layer between PE-AGGs and UPEs, for example, RRPP
Domain 2 shown in Figure 4-7.
Figure 4-7 Application of intersectant RRPP rings
IP/MPLS
Core
Ring 1
Domain 1
Ring 2
Domain 2
Switch-A
Switch-D
Switch-E
Switch-B
Access Layer
Aggregation Layer
Switch-F
Switch-G
LSW
DSLAM
Switch-C
LSW

As shown in Figure 4-7, Ring 1 belongs to Domain 1; Ring 2 belongs to Domain 2. Ring 1 and
Ring 2 are tangent at Switch-C.
l On Ring 1, Switch-C is the master node; Switch-C, Switch-E, Switch-F, and Switch-G are
PE-AGGs.
l On Ring 2, Switch-C is the master node; Switch-A, Switch-B, and Switch-D are UPEs.
For multiple tangent RRPP rings, the failure of a ring does not affect other domains. The
convergence process of RRPP rings in a domain is the same as that of a single ring.
On RRPP rings, Layer 2 and Layer 3 services can be fast switched in the case of link faults.
l Fast switch of Layer 2 services
In normal situations, the data flow travels along the path of Switch-A Switch-B
Switch-C on Ring 2. If the link between Switch-A and Switch-B fails, the data flow is
switched to another path on the RRPP ring.
After the link between Switch-A and Switch-B fails and then the master node is notified
of the link fault, the master node immediately unblocks the secondary port.
At this time, the network topology changes, the original MAC address tables of the nodes
cannot correctly guide the Layer 2 forwarding. Thus, Layer 2 traffic is interrupted. After
unblocking the secondary port, the master node immediately requires other nodes on the
4-7
ring to re-learn MAC address entries. The Layer 2 traffic on the RRPP ring is switched to
the path of Switch-A Switch-D Switch-C.
l Fast switch of Layer 3 services
In normal situations, the data flow travels along the path of Switch-C Switch-E
Switch-F on Ring 1. When the link between Switch-C and Switch-E fails, the data flow is
switched to another path on the RRPP ring.
After the link between Switch-C and Switch-E fails and then the master node is notified of
the link fault, the master node immediately unblocks the secondary port.
At this time, the network topology changes, the original ARPs and FIBs of the nodes cannot
correctly guide the Layer 3 forwarding. After unblocking the secondary port, the master
node immediately requires other nodes on the ring to re-learn MAC address entries. The
Layer 2 traffic on the RRPP ring is switched to the path of Switch-C Switch-G
Switch-F.
4.5 Application of Smart Link in Dual-Homing Networking
This section describes the function of Smart Link in dual-homing networks.
Generally, Smart Link is adopted on dual-homing Ethernet networks to implement fast switching
of links.
Figure 4-8 Application of Smart Link
Intranet
UPE1
UPE2
PE-AGG1
PE-AGG2
Intranet
SmartLink
Group
Active link
Standby link
SmartLink
Group
Core
network
IP/MPLS
SmartLink
Group
SmartLink
Group

Smart Link can be deployed anywhere on the MAN to provide the dual-homing connections By
adopting Smart Link, UPE 1 or UPE 2 is dual-homed to PE-AGG 1 and PE-AGG 2 .
For example, configure the Smart Link group on UPE 1 and UPE 2. The upstream devices only
need to receive and send Flush packets. In the two uplinks, one link forwards packets and the
other is blocked. When the active link fails, Smart Link swiftly senses the fault and switches
traffic to the standby link.
When the Monitor Link group is configured on PE-AGG 1 and PE-AGG 2, the uplink interface
is associated with the downlink interface.
Product Description
Issue 01 (2010-12-15)
4.6 Application of Ethernet OAM
This section describes the application of Ethernet OAM on the MAN.
The S9300 provides Ethernet OAM to implement fault detection and protection switchover in
less than 50 ms.
Figure 4-9 Application of Ethernet OAM on the MAN
Hotel
Residential
area
Commercial
center
EFM OAM
(802.3ah)
Ethernet in the first mile
Ethernet CFM (802.1ag)

Access convergence
layer on the MAN
Backbone
network
BRAS
Router
IP/MPLS
core network
PE-AGG
PE-AGG
UPE
UPE
UPE
UPE
UPE CE
CE
CE
CE
CE
Intranet

Ethernet CFM can be applied at the access convergence layer on the MAN. MDs are classified
based on which ISP manages the devices. All the devices that are managed by the same ISP can
be configured in the same MD. MAs are classified based on different services. An MA is
associated with a VLAN. MEPs within an MA periodically exchange CCMs to test the
connectivity on the network. After Ethernet CFM detects a connectivity fault, alarms are
generated and MAC ping and MAC trace are provided to verify and locate the fault.
EFM OAM is enabled on the CEs and UPEs. EFM OAM can test link connectivity of user
services by periodically exchanging OAMPDUs between the CE and NPE. EFM OAM monitors
link performance by testing the errored frames, errored codes, and errored frame seconds on the
link. This provides transmission services required in the SLA for users. EFM OAM also provides
alarms when a fault occurs.
4-9
4.7 Application of QoS
This section describes the application of QoS on the MAN.
In the networking shown in Figure 4-10, enterprise A has two subdivisions: enterprise A-1 and
enterprise A-2; enterprise B has two subdivisions: enterprise B-1 and enterprise B-2. The
Ethernet VLL between the subdivisions of an enterprise is used to transmit services of voice,
video, and data. Meanwhile, each subdivision requires access to the Internet.In Figure 4-10,
Switch represents the S9300.
Figure 4-10 S9300 application of QoS
LSW
Switch
Switch Switch
Enterprise A-1
Enterprise A-2
Enterprise B-1
Enterprise B-2
IP/MPLS
core
network
VPN of enterprise A
VPN of enterprise B
Metro
Voice
Video
Data
2 Mbit/s
4 Mbit/s
4 Mbit/s
10 Mbit/s
Voice
Video
Data
2 Mbit/s
4 Mbit/s
4 Mbit/s
10 Mbit/s
In
tern
e
t
Intern
e
t
In
tern
e
t
Intern
e
t

Enterprise A has the following requirements:
l The Ethernet VLL services between enterprise A-1 and enterprise A-2 need a bandwidth
of 10 Mbit/s to guarantee bandwidth for different services.
Voice services
The guaranteed bandwidth is 2 Mbit/s.
Video services
The guaranteed bandwidth is 4 Mbit/s.
Data services
Product Description
Issue 01 (2010-12-15)
The guaranteed bandwidth is 4 Mbit/s. It is also required that the remaining idle
bandwidth can be occupied by data services. Thus, the peak bandwidth is 10 Mbit/s.
Enterprise B has the same requirements as enterprise A.
By applying level-2 traffic management of QoS on the Switch, you can meet the requirements
of different services and users for network resources.
4.8 Application of Selective QinQ
This section describes the function of selective QinQ that can be applied in the actual networking.
The S9300 provides the selective QinQ function. The networking of selective QinQ is shown in
Figure 4-11.In Figure 4-11, Switch represents the S9300.
Figure 4-11 S9300 application of selective QinQ
Router
Switch
LSW
DSLAM
VLAN1-500
TMG
Video
server
ISP network
VLAN1-1000
User network
VLAN500-700
VLAN700-1000
VLAN1-1000
LSW
v10 v100
v10 v800
v10 v600
v30 v450
v30 v850
v30 v650
v450
v100
PSTN
BRAS BRAS
In
tern
e
t
Intern
e
t
In
tern
e
t
Intern
e
t
v650
v600
v850 v800

The three enterprise networks shown in Figure 4-11, all need to transmit data, voice, and video
services. The Switch can append an outer ISP VLAN tag to the packets of each kind of access
services. For example:
4-11
l Add an outer ISP VLAN tag VLAN 10 for data services of VLAN 100, VLAN 600, and
VLAN800 from the customer networks.
l Add an outer ISP VLAN tag VLAN 30 for video services of VLAN 450, VLAN 650, and
VLAN850 from the customer networks.
Offering the selective QinQ function, the S9300 can converge services and choose different
paths for various services. This facilitates network deployment.
4.9 Application of the S9300 in IPTV Service
This section describes the networking and application policy of the S9300 in the IPTV service.
4.9.1 Networking of IPTV
4.9.2 Protection of IPTV Services
4.9.1 Networking of IPTV
The S9300 supports IPTV application as shown in Figure 4-12.
Figure 4-12 S9300 application of IPTV
STB
DSLAM
Switch
BRAS BRAS
Router
(DR)
Router
(BDR)
STB STB
Switch
DSLAM
Video server
IP/MPLS core
Video stream
Product Description
Issue 01 (2010-12-15)

The S9300 provides the IGMP snooping function and multicast across VLANs. It can serve as
the duplication and control point for multicast at the access layer of the MAN to meet the demand
for large-capacity multicast services. The multicast traffic can be copied within or across
VLANs.
The DSLAM device provides the IGMP proxy function.
In the networking shown in Figure 4-12:
l The routers runs the PIM protocol. The routers run for the Designated Router (DR) or
Backup Designated Router (BDR). DR processes the IGMP packets and copies the video
stream from the IPTV server.
l Enable the IGMP snooping on the Switch to listen to IGMP packets. The Switch only sends
an IGMP request packet to join the multicast group. The multicast forwarding group is then
established. A static multicast group can be set up with popular channels.
l The Switch copies the multicast data to the DSLAM based on the multicast forwarding
table.
In addition, the S9300 supports port prompt-join or prompt-leave. This realizes fast switch of
IPTV services.
4.9.2 Protection of IPTV Services
As shown in Figure 4-13, along with the NPE in the networking, the S9300 provides a protection
mechanism for IPTV services.
4-13
Figure 4-13 S9300 protection for IPTV services
STB
DSLAM
Switch
BRAS BRAS
Router
(DR)
Router
(BDR ->DR)
STB STB
Switch
DSLAM
IPTV server
IP/MPLS core
Video stream
Fault
BFD for PIM
BFD for PIM

The following mechanism is used to protect the IPTV services:
1. BFD for PIM is enabled between the two routers. BFD for PIM is used to detect the link
status of the multicast link.
2. When faults occur to the link, or the Switch, or one of the routers, BFD for PIM is used to
detect faults in 50 ms.
3. The router on the right acts as BDR. BDR swiftly switches to DR. Thus both the routers
become DR to forward multicast packets at the same time.
4. When faults recover, the routers run for DR/BDR again. The service is back to normal.
4.10 Application of the S9300 in NAC Networking
This section describes the application of the S9300 in the NAC networking.
Product Description
Issue 01 (2010-12-15)
Figure 4-14 shows the application of the S9300 in the NAC networking.In Figure 4-14,
Switch represents the S9300.
Figure 4-14 Application of the S9300 in the NAC networking
Policy server
Patch/anti-virus server
Separated
area
Visit area
Work area
Portal server
Switch
ACS/SC

On an enterprise intranet, a personal computer (PC) does not need to be installed with the terminal
software program. The user is redirected to the login page by captive portal. The user needs to
enter user name and password. Then the NAD, namely, the Switch, submits the user name and
password to the RADIUS server for authentication. Before passing the authentication, the user
can access only the resources in the separated area.
The ACS or SC, which is similar to a RADIUS server, returns a message notifying that the user
passes the authentication.
The PC and the ACS set up an HTTP link and the ACS verifies the security of the PC. After the
security of the PC is verified, the user can access the common data area or core data area
depending on the user authority.
When the Session-Time-Out feature is configured, if the authentication server is unavailable,
for example, authentication times out or the RADIUS server does not respond, the user is allowed
to go online and access the network. In this case, the Session-Time-Out timer is started and the
user is authenticated again when the timer expires.
4.11 Applications of the Firewall
This section describes the firewall networking and policy of the S9300.
Application on the Enterprise Intranet
The switch that provides the firewall function is deployed at the egress of the headquarters of a
company. When providing external services such as Web, FTP, and email services, the switch
prevents internal resources of the headquarters from being attacked on the Internet. The
switch provides NAT for the staff of the company who need to log in to the Internet, and functions
as the remote VPN access point of branches. Branch egress where the firewall is deployed: The
4-15
switch prevents internal resources of the headquarters from being attacked on the Internet and
provides VPN services for the branch staff who need to access the network of the headquarters.
Figure 4-15 shows the networking of the firewall on the enterprise intranet.
Figure 4-15 Networking diagram for applying the firewall to the enterprise intranet
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
On-business staff
Web Server
Mail Server
FTP Server
Switch
firewall
Branch
Switch
firewall

Application on the ISP Network
The switch that provides the firewall function is deployed at the egress of the ISP. It protects
ISP servers and ISP users, prevents attacks on the Internet, and functions the NAT gateway for
users to access the Internet. Figure 4-16 shows the networking of the firewall on an ISP network.
Product Description
Issue 01 (2010-12-15)
Figure 4-16 Networking diagram applying the firewall to the ISP network
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
PSTN
Access
server
Web server
Switch
(firewall)

Application in the Data Center
The switch that provides the firewall function is deployed at the egress of the data center. It
protects the servers in the data center against attacks on the Internet and protects the key data
stored in the data center. The firewall is deployed at the egress of the data center; therefore, you
need to deploy the firewalls in redundancy mode to ensure the high availability of the data center.
Figure 4-17 shows the networking of the firewall in the data center.
4-17
Figure 4-17 Networking diagram for applying the firewall to the data center
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
I
n
tern
e
t
Server farm
Convergence
layer
Switch (firewall)
Switch (firewall)
Core layer
Access
layer
Cashes
Server farm Server farm
Active link
Backup link

Product Description
Issue 01 (2010-12-15)
5 Operation and Maintenance
About This Chapter
This section describes the method of configuration and login, the measures to monitor devices
and debug faults, the process of software upgrade and in-service patching and the functions of
network management system for the S9300.
5.1 Maintenance and Management
and debug faults, and the process of software upgrade and in-service patching.
5.2 NMS
This NMS provides resource management, topology management, configuration management,
fault management, performance management, and security management for the S9300.
Product Description 5 Operation and Maintenance
5-1
5.1 Maintenance and Management
and debug faults, and the process of software upgrade and in-service patching.
5.1.1 Configuration Modes
5.1.2 Management and Monitoring
5.1.3 Diagnosis and Debugging
5.1.4 In-Service Software Upgrade and Patching
5.1.1 Configuration Modes
Multiple Maintenance Modes
The S9300 supports configuration and management in the following ways:
l Through the command line interface (CLI)
Users can configure and manage the S9300 by logging in to the device from a terminator
through the console port or the ETH interface.
l Through the NMS
Users can configure and manage the S9300 based on SNMP through a network management
station.
l Through Web network management
The Web server is embedded in the S9300. You can configure the S9300 by logging in to
the Web page through the browser.
Flexible Login Modes
To support local and remote login, the S9300 offers the following interfaces:
l Console port
Users can log in to the console port of the S9300 through the RS-232 serial port of a terminal
device.
l ETH interface
Users can log in to the ETH interface of the S9300 through Telnet or SSH.
In addition, users can also telnet the S9300 through other service ports.
To satisfy different security demands, the S9300 offers various measures to authenticate user
login, such as:
l Non-authentication
l Local authentication
l AAA authentication
Product Description
Issue 01 (2010-12-15)
5.1.2 Management and Monitoring
Hardware Monitoring
The S9300 provides the following hardware monitor functions:
l Provides the MCU, SRU, LPU, CMU, power module, and panel of a fan frame with
indicators to indicate their running status.
l Provides in-service board detection, hot swap detection, Watch Dog, board resetting, fan
module monitoring, power module monitoring, active/standby switchover and log
recording for the users' reference.
l Monitors the temperature of boards automatically when the system is running and controls
the temperature.
l Provides statistics on abnormal and error packets.
l Provides statistics on the protocol packets to be delivered to the CPU and details of the
packets.
l Provides information for querying the utilization of CPU and memory.
Management and Maintenance
The S9300 provides the following management and maintenance functions:
l Supports multi-user operations and user interface (UI) in two languages: Chinese and
English.
l Provides command lines with flexible online help. Command line descriptor searches
keywords with a partial match, which speeds up the input of commands.
l Provides hierarchical command lines and management of user authorities which prevents
unauthorized users from logging in to the S9300.
l Provides classification and filtering of alarms.
l Provides DosKey-like function to run a history command.
l Provides local and remote loading and upgrading of software and supports version rollback,
backup, storage and purge.
l Supports information collection at different layers such as the port, Layer 2, or Layer 3.
l Supports the information center to provide the uniform management of logs, traps and
debugging information and can redirect information as required.
l Supports display of system status and version, and environment parameters such as
temperature, utilization of CPU and memory.
5.1.3 Diagnosis and Debugging
Ping and Trace
The S9300 supports the following tools for testing the connectivity and recording transmission
paths of packets on IP networks:
l Ping
l Trace
The S9300 supports the following tools for testing the connectivity and recording transmission
paths of packets on MPLS networks:
5-3
l MPLS ping
l MPLS trace
The S9300 provides the following tools to check the link-layer connectivity of the devices on
the network and obtain information about network status and delay:
l MAC Ping
l MAC TraceRoute
Debugging
The S9300 provides the debugging commands for each feature. The debugging information is
extensive and in detail to diagnose faults easily. Each debugging command supports multiple
parameters. Debugging can be enabled or disabled on specified interfaces for specified services
through the console port.
The debugging commands can display the following information of the feature:
l Critical events
l Process running
l Packet transmission and processing
l Packet resolution
l State switchover
l Error check
Trace
The S9300 supports the system trace function. Trace is used to perform advanced test and
diagnose software. The S9300 also uses trace to on-line record important events including the
task switching, interrupting, queue reading and writing, and system exception.
System can refer to the trace information to locate faults after rebooting in case of failures. Trace
can be enabled and disabled by using commands.
Mirroring
The S9300 supports port mirroring and flow mirroring.
l Port mirroring
Incoming traffic, outgoing traffic, or both incoming and outgoing traffic at the observed
port is copied intact to the observing port.
l Flow mirroring
Observed flows are copied intact to the observing port.
Connecting a host with the observing port of the S9300 and watching the received packet, the
ISPs can observe the packets that the S9300 inputs and outputs. The mirroring function offers
a basis of traffic detection, fault allocation, and data analysis.
Virtual Cable Detection
Given the virtual cable detection feature, the S9300 allows you to detect the current status of
cables connected to the Ethernet interfaces in the following aspects:
Product Description
Issue 01 (2010-12-15)
l Whether short circuits or open circuits occur on the receive or transmit cables
l Length of the faulty cable
5.1.4 In-Service Software Upgrade and Patching
In-Service Upgrade
The S9300 supports local and remote upgrading of the system software.
l Local upgrade
When the S9300 is booted, the software can be upgraded through the BootROM menu.
l Remote upgrade
The S9300 supports the active and standby main process units. To ensure uninterrupted
services when upgrading the software on the S9300, it is recommended to upgrade the
standby main process unit before carrying out active/standby switchover. After upgrading
the standby main process unit, upgrade the active main process unit.
In-Service Patching
The S9300 supports in-service patching. The features of in-service patching are as follows:
l The service is not interrupted during the loading of patches.
l The patching can either be confirmed or removed.
l Prompts of patching status are provided.
Version Rollback
The S9300 supports version rollback. The features of version rollback are as follows:
l If the upgraded version becomes unavailable, restart the software of another version to boot
the system.
l If faults occur during the process of upgrading or patching, the system can be recovered to
the status before the upgrading or patch loading.
5.2 NMS
This NMS provides resource management, topology management, configuration management,
fault management, performance management, and security management for the S9300.
U2000
The S9300 uses Huawei U2000 as a centralized NMS. The U2000 provides a multi-language
graphical user interface (GUI) for convenient and visualized operations. The U2000 also
provides northbound interfaces for connecting to a third-party NMS and can be interconnected
or integrated with other NMSs of carriers.
The U2000 uses Simple Network Management Protocol (SNMP) to manage devices and
supports the CLI to manage device configuration. As the basis of Huawei data communications
network management system, the U2000 provides solution to manage and maintain the data
communications network. The U2000 can manage network elements and certain devices at the
network layer. The U2000 provides the following functions:
5-5
l Resource management
l Topology management
l Fault management
l Performance management
l Test and diagnosis management
l Network element configuration management
l VPN service management
l LSP service management
l DC management
l Syslog management
l Security management
l Operation log management
l Report management
Web Network Management
The S9300 uses Huawei U2000 as a centralized NMS. The U2000 supports a multi-language
GUI for convenient and visualized operations. The U2000 also provides northbound interfaces
for connecting to a third-party NMS and can be integrated with other NMSs of carriers.
To facilitate maintenance and use of the S9300, the Web network management is introduced.
Web network management provides an embedded Web server in the S9300. Users can log in to
the S9300 through PCs to manage and maintain the S9300. By using Web network management,
the maintenance personnel need to configure only IP addresses and Web-based NMS accounts
on the S9300s, and then enter IP addresses in the address bar of the Microsoft Internet Explorer
to manage and maintain the S9300s. The operations are easy to learn and perform. In this manner,
the working efficiency of the network management personnel is greatly improved.
Product Description
Issue 01 (2010-12-15)
6 Technical Specification
About This Chapter
This section lists the physical parameters, power supply parameters, specification, and
performance indexes of the S9300.
6.1 Physical Specifications
This section describes the dimensions, power consumption, weight, voltage, and working
environment parameters of the S9300.
6.2 System Configuration
This section describes the switching capacity, backplane capacity, and forwarding rate of the
S9300.
6.3 Performance and Capacity
This section describes the performance specifications of the software and hardware of the
S9300.
6.4 List of Software Features
This section describes the software features of the S9300.
Product Description 6 Technical Specification
6-1
6.1 Physical Specifications
This section describes the dimensions, power consumption, weight, voltage, and working
environment parameters of the S9300.
Table 6-1 Physical specifications of the S9300
Item Specifications
Dimensions (width x depth x height) without the
switching rack-mounting ear
l S9303: 442.0 x 476 x 175
l S9306: 442 x 476 x 441.7
l S9312: 442 x 476 x 663.95
Maximum power consumption (fully configured) l S9303: 350 W
l S9306: 800 W
l S9312: 1400 W
Weight (fully configured) l S9303 < 22 kg
l S9306 < 42 kg
l S9312 < 70 kg
DC input voltage Rated voltage -48 V/ -60 V
Maximum voltage range -48 V: -38.4 V to -57.6 V
-60 V: -48 V to -72 V
AC input voltage Rated voltage l S9303/S9306: 110 V/220 V
l S9312: 220 V
Maximum voltage range 90 V to 290 V
PoE Power input mode Built-in. Only the AC power supply is
supported.
Redundancy mode of
power supplies
The S9303 does not support the backup
of AC power modules.
The S9306 and the S9312 support the
power supplies in 3+1, 2+2, or 4+0 (not
backup) mode.
Output power consumption S9303: a maximum of 800 W
S9306 and S9312: a maximum of 3200
W
Temperature Long-term operation 0C to 45C
Short-term operation -5C to 55C
Storage -40C to 60C
Relative humidity Long-term operation 5% RH to 85% RH, non-condensing
Product Description
Issue 01 (2010-12-15)
Item Specifications
Short-term operation 0% RH to 95% RH, non-condensing
Altitude for
installation
Long-term operation Less than 3000 m
Storage Less than 5000 m

6.2 System Configuration
This section describes the switching capacity, backplane capacity, and forwarding rate of the
S9300.
Table 6-2 System configuration of the S9300
Item Configuratio
n of the S9312
Configuratio
n of the S9306
Configuratio
n of the
S9303
Note
Processor 700 MHz
(Dominant
frequency)
700 MHz
(Dominant
frequency)
500 MHz
(Dominant
frequency)
-
DDR2
SDRAM
1 GB 1 GB 512 MB -
NVRAM 512 KB 512 KB 512 KB Battery supply
Flash 64 MB 64 MB 64 MB -
CF card 512 MB 512 MB 512 MB The CF card serves as a
mass storage device to
save data files and logs.
Switching
capacity
2 Tbit/s 2 Tbit/s 720 Gbit/s Bidirectional
Backplane
capacity
12Tbit/s 6Tbit/s 3Tbit/s Bidirectional
10GE port
density
576 288 144 -
FE/GE port
density
576 288 144 -
Forwarding
capability
1320 Mpps 1080 Mpps 540 Mpps -
Number of
slots for the
LPUs
12 6 3 LPU (Optional)
6-3
Item Configuratio
n of the S9312
Configuratio
n of the S9306
Configuratio
n of the
S9303
Note
Number of
slots for the
SRUs/
MCUs
2 2 2 S9306/S9312: SRU
S9303: full mesh
Max
transmissio
n rate on a
port of the
LPU
48GE,
4810GE
48GE,
4810GE
48GE,
4810GE
-

6.3 Performance and Capacity
This section describes the performance specifications of the software and hardware of the
S9300.
Table 6-3 Performance specifications of the S9300
Attribute Service Feature Specifications
Availability Availability 0.99999768
Mean Time Between Failure (MTBF) 24.59 years
Mean Time To Repair (MTTR) 0.5 hours
Downtime 1.22 minutes/year
Ethernet Number of MAC addresses supported
by each LPU
l ED board: 512 K
l EC board: 128 K
l EA/SA/FA board: 32 K
Number of VLANs 4 K
Number of trunk groups and number of
interfaces supported by each trunk group
128 trunk groups, each of which
supports a maximum of 8 interfaces
Rate of learning MAC addresses More than 3000 each second
Number of ARP entries 16 K
Number of ARP entries supported by
each LPU
l EA/EC/ED board: 16 K
l SA/FA board: 8 K
QoS Number of QoS queues on a port 8
CAR l ED/EC/EA/FA board: 8 kbit/s
l SA board: 64 kbit/s
Product Description
Issue 01 (2010-12-15)
ACL ACLv4 Number of IPv4 ACLs supported
by each LPU:
l ED board: 70K for inbound
traffic; 1000 for outbound
traffic
l EC board: 70K for inbound
traffic
l EA board: 6000 for inbound
traffic
l SA (24GE) board: 3000 for
inbound traffic; 500 for
outbound traffic
l SA (X12SA/X48SSA) board:
1200 for inbound traffic; 500 for
outbound traffic
l FA (G48SFA/G48TFA/
F48TFA) board: 1200 for
outbound traffic
l FA (G24CFAT) board: 3000 for
outbound traffic
ACLv6 Number of IPv6 ACLs supported
by each LPU:
l ED board: 67K for inbound
traffic; 250 for outbound traffic
l EC board: 35K for inbound
l EA board: 3000 for inbound
l SA (24GE): 1500 for inbound
l SA (X12SA/X48SSA): 250 for
outbound traffic
l FA (G48SFA/G48TFA/
F48TFA): 250 for inbound
l FA (G24CFAT): 250 for
outbound traffic
MPLS Number of LSPs 8 K
6-5
Number of LDP neighbors > 256
L2VPN Number of VLL entries 4 K
Number of VSI entries 1 K
L3VPN Number of VRFs 2 K
Number of VPN routes l S9306/S9312: 500 K
l S9303: 140 K
IP Session - 8 K on an LPU and 16 K on the
entire equipment
IP unicast IPv4 forwarding IPv4 forwarding at line speed
Number of routing entries l S9306/S9312: 512K
l S9303: 220K
IPv4 FIB l ED board: 512 K
l EC board: 128 K
l EA board: 16 K
l SA/FA board: 12K
IPv6 FIB l ED board: 256 K
l EC board: 64 K
l EA board: 8 K
l SA/FA board: 6K
Multicast Number of static multicast routes 256
Number of L2 multicast forwarding
entries
1 K
Number of L3 multicast forwarding
entries
l ED/EC/EA board: 4 K
l SA/FA board: 2 K
Reliability BFD l BFD sessions: 2 K
l Minimum fault discovery
duration: If no FSU is
configured, the duration is 3s; if
an FSU is configured, the
duration is 50 ms.
Product Description
Issue 01 (2010-12-15)
Ethernet OAM l 802.1ag
Up to 64 MDs can be created on
the entire equipment.
The number of MAs on the
entire equipment is as follows:
S9312 and S9306: 4 K
S9303: 2 K
Detection time: 3.3 ms/10 ms/
100 ms/1s/10s/1 min/10 min
l 802.3ah
Detection time: 100 ms/1s
RRPP l Maximum number of RRPP
instances: 48
l Rings supported by the entire
equipment: 64
l Rings supported by an LPU: 5
l Maximum number of RRPP
domains: 64
l link switchover time: less than
50 ms
VRRP l VRRP backup groups on the
entire equipment: 255
l VRRP backup groups on the
entire equipment: 16
l Virtual IP addresses in each
VRRP backup group: 16
l Switchover time: If no FSU is
configured, the time is 3s; if an
FSU is configured, the time is 50
ms.
SmartLink l Maximum number of instances
on the entire equipment: 48
l The switchover time is less than
50 ms.
MSTP l Maximum number of instances
l The switchover time is less than
100 ms.
6-7
SEP l Maximum number of segments
l The convergence time is less
than 50ms

6.4 List of Software Features
This section describes the software features of the S9300.
Table 6-4 Software features list of the S9300
Feature Description
Ethernet features Ethernet l Supports operating mode of full-duplex, half-
duplex, and auto-negotiation.
l Supports 10/100/1000 Mbit/s and 10 Gbit/s rate
of Ethernet ports.
l Supports auto-negotiation rate of Ethernet ports.
l Supports flow control on ports.
l Supports Jumbo packets.
l Supports binding ports into Ethernet trunk.
l Supports load balancing on links in the trunk.
l Supports port isolation and forwarding
restriction.
l Supports broadcast storm suppression.
VLAN l Supports access modes of Access, Trunk, Hybrid,
and QinQ.
l Supports default VLAN.
l Supports 1:1 VLAN mapping.
l Supports N:1 VLAN mapping.
l Supports 802.1p-based VLAN mapping.
l Supports QinQ.
l Supports selective QinQ.
l Supports VLAN switching.
MAC l Supports automatic learning and aging of MAC
addresses.
l Supports static, dynamic, and blackhole MAC
entries.
l Supports limit to MAC address learning based on
ports and VLANs.
Product Description
Issue 01 (2010-12-15)
Feature Description
ARP l Supports static and dynamic ARP.
l Supports ARP in VLAN.
l Supports aging of ARP entries.
Smart Link l Supports Smart Link.
l Supports Smart Link multi-instance.
l Supports Monitor Link.
DLDP Supports unidirectional link detection.
LLDP Supports LLDP.
Virtual cable test Supports virtual cable detection.
Protection
against Ethernet
loops
MSTP l Supports STP.
l Supports RSTP.
l Supports MSTP.
l Supports BPDU guard, root guard, and loop
guard.
l Supports BPDU tunnel.
RRPP l Supports RRPP.
l Supports RRPP multi-instance.
Loop detection l Support loop detection.
IP routing IPv4 unicast l Network management interface supports IPv4
unicast data packets.
l Network management interface supports static
IPv4 unicast routes.
l Supports RIP, OSPF, IS-IS, and BGP.
l Supports the DHCP server and the DHCP relay.
l Supports DHCP snooping.
IPv6 unicast l Supports RIP, OSPFv3, ISISv6, and BGP+.
l Supports TCP6, ping IPv6, tracert IPv6, and
socket IPv6.
l Supports DHCPv6 snooping.
l Supports ND Snooping
IPv4/IPv6
transition
l Supports the IPv6 over IPv4 tunnel.
l Supports IPv4 over IPv6.
l Supports 6FE.
6-9
Feature Description
Multicast - l Supports IGMP, MLD, MSDP, PIM-DM, PIM-
SM, and PIM-SSM.
l Supports IGMPv1, IGMPv2, IGMPv3 snooping.
l Supports MLDv1 snooping.
l Supports fast-leave of users.
l Controls multicast traffic.
l Supports multicast VLAN.
l Supports multicast querier.
l Suppresses multicast protocol packets.
l Supports multicast ACL.
l Supports multicast copy.
l Supports IGMP snooping over VPLS.
l Supports multicast VPN
MPLS features Basic MPLS
functions
l Supports static LSP.
l Supports static mapping between VLAN and
MPLS SVC to provide virtual dedicated Ethernet
lines.
l Supports L2VPN and L3VPN.
l Supports two-layer MPLS labels.
l Supports MPLS over Ethernet.
l Maps the 802.1p priority to the EXP field in the
MPLS packet.
MPLS OAM l Supports LSP ping and LSP traceroute.
l Supports automatic fault detection.
l Supports 1+1 protection of LSP.
MPLS-TE l Supports establishment of MPLS-TE tunnel.
l Supports MPLS-TE protection group.
VLL/HVPLS l Supports VLL in SVC, Martini, Kompella or
CCC mode.
l Supports VPLS in Martini or Kompella mode.
l Supports HVPLS in LSP and QinQ mode.
l Supports the VLL access and VPLS access after
VLAN switching is performed.
Ethernet OAM Ethernet OAM l Supports P2P Ethernet fault management defined
in IEEE 802.3ah.
l Supports Ethernet OAM defined in IEEE
802.1ag.
l Supports MAC ping and MAC trace.
Product Description
Issue 01 (2010-12-15)
Feature Description
BFD - l Supports BFD physical link detection.
l Supports connectivity detection for IP.
l Supports connectivity detection for LSP, CR-
LSP, and MPLS TE protection group.
l Supports BFD detection on the VPLS network.
l Supports BFD detection based on VPLS and
protection switchover for the diagnosis packet
that manages the switchover of VPLS.
QoS features Traffic
classification
l Supports classification based on Layer 2 protocol
header, Layer 3 protocol, Layer 4 protocol, 802.1p
priority, or their combination.
l Supports classification based on C-VID of QinQ
packets.
Traffic behavior l Controls access of the classified packets.
l Supports traffic policing based on CAR.
l Supports packet re-marking according to the
classification.
l Supports queuing of the classified packets.
l Supports mixed use of traffic classification and
traffic behavior.
Queue
scheduling
l Supports PQ, WRR, DRR, PQ+WRR, and PQ
+DRR scheduling.
Congestion
avoidance
l Supports WRED.
l Supports tail drop.
Traffic shaping l Supports traffic shaping for the outbound traffic.
Traffic policing Supports two-level traffic policing.
Clock - l Ethernet clock synchronization
l 1588v2
PoE - l Supports IEEE 802.3af/802.3at.
l Each interface provides 30 W power.
enterprise
network feature
NAC l Supports 802.1x authentication.
l Supports MAC address authentication.
l Supports Portal authentication.
l Supports MAC address bypass authentication.
l Supports direct authentication.
6-11
Feature Description
Firewall l Packet filtering
l ASPF
l Supports attack defense.
l Supports transparent firewall.
l Supports firewall multi-instance.
NAT l Supports the NAT address pool.
l Supports NAPT.
l Supports the NAT server.
l Supports static NAT/NAPT.
l Supports Easy IP.
l Supports ALG.
l Supports NAT multi-instance.
Load balancing l Supports server detection.
l Supports session holding.
l Supports multiple load balancing algorithms.
l Supports server load balancing at Layers 4 to 7.
IPSec VPN
NOTE
The release of
Russia does not
provide the IPSec
VPN.
l Supports IKEv1/v2 negotiation.
l Supports AH and ESP modes.
l Supports detection through Keepalive messages.
l Supports NAT traversal.
l Supports manual configuration of the static SA.
l Supports multiple encryption algorithms.
Configuration
and maintenance
Terminal
services
l Supports CLI configuration.
l Supports prompt and help information in English
and Chinese.
l Supports terminal services through the Console
port or Telnet.
l Supports the Send function to make the terminals
communicate with each other.
File system l Supports file system.
l Supports directory and file management.
l Supports file uploading and downloading through
FTP and TFTP.
Product Description
Issue 01 (2010-12-15)
Feature Description
Debug and
maintenance
l Supports unified management of logs, traps, and
debugging information.
l Supports electronic labels.
l Supports logs of users.
l Supports detailed debugging information to assist
troubleshooting.
l Supports black box.
l Supports network testing tools such as
traceroute and ping commands.
l Supports port mirroring and traffic mirroring.
Availability l Supports the power modules in 1+1 or 2+2 backup
mode and the fan modules in N+1 backup mode.
l Supports hot swap of the SRUs/MCUs, LPUs, fan
modules, and power modules.
l Supports the SRUs/MCUs in 1+1 backup mode.
l Supports automatic switchover and forcible
switchover of the SRUs/MCUs.
l Supports the bundling of Ethernet ports on
different boards.
Software
upgrade
l Supports in-service upgrade of VRP system
software.
l Supports in-service upgrade of BootROM.
l Supports in-service patch.
l Supports version rollback.
6-13
Feature Description
Security and
management
System security l Supports hierarchical commands to protect
against unauthorized users.
l Supports SSH v1.5 and v2.0.
l Supports RADIUS and HWTACACS
authentication.
l Supports ACL filtering.
l Supports defend against attacks of DoS, SYN
flood of TCP, UDP flood, broadcast storms, and
large traffic.
l Supports limit to MAC address learning.
l Supports blackhole MAC.
l Supports port isolation.
l Supports packet filtering.
l Supports CPU channel guard.
l Supports the suppression of ARP packets based
on IP addresses.
l Supports blacklist and whitelist.
l Supports attack trace.
l Supports Automatic Laser Shutdown (ALS)
Network
management
l Supports ping and traceroute functions.
l Supports SNMPv1/v2c/v3.
l Supports standard MIB.
l Supports RMON.

Product Description
Issue 01 (2010-12-15)

Quidway S9300 Terabit Routing Switch Product Description (V100R003C01 - 01) PDF

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Quidway S9300 Terabit Routing Switch Product Description (V100R003C01 - 01) PDF

Diunggah oleh

Hak Cipta:

Format Tersedia

Quidway S9300 Terabit Routing Switch

Ethernet CFM (802.1ag)

Anda mungkin juga menyukai